Today I went to a Microsoft event. The presenter talked about ASP.NET security, Visual Studio.Net 2008 and a few tips on how to secure your web applications. One thing I like about these kinds of events is that there's always hidden gold that you can walk away with. One tip that stood out was when the presenter talked about ViewStateUserKey. To keep a malicious user from using your ViewState value for XSS kind of attacks, set the ViewStateUserKey in the Page_Init event of the Page; this will alleviate the problem.
The presenter also talked about the Microsoft Anti-Cross Site Scripting Library V1.5. This library will help you HtmlEncode the text that your web application processes.
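
Both tips together, as an added example that is not code from the event or from Microsoft: a base page that sets ViewStateUserKey during Init, and a page that encodes user text with the Anti-XSS Library before output. The class names `SecurePage` and `CommentPage`, the control names and the `"pinned"` session key are hypothetical, and the example assumes session state is enabled and AntiXssLibrary.dll is referenced.

```csharp
using System;
using System.Web.UI;
using System.Web.UI.WebControls;
using Microsoft.Security.Application; // Anti-XSS Library (AntiXssLibrary.dll)

// Hypothetical base class: pages inherit from this instead of Page,
// so every page gets the same ViewState binding.
public class SecurePage : Page
{
    protected override void OnInit(EventArgs e)
    {
        // With cookie-based sessions, ASP.NET issues a new SessionID on
        // every request until something is stored in Session. Store a
        // marker first so the ID is stable between render and postback.
        if (Session["pinned"] == null)
        {
            Session["pinned"] = true;
        }

        // Set during Init, as the post says, so the key is in place before
        // ViewState is loaded. The key is mixed into the ViewState MAC, so
        // ViewState issued to one session fails validation ("Validation of
        // viewstate MAC failed") when posted back under another session.
        ViewStateUserKey = Session.SessionID;

        base.OnInit(e);
    }
}

// Hypothetical page with a text box, a button and a literal for output.
public class CommentPage : SecurePage
{
    protected TextBox CommentBox;   // user-supplied text
    protected Literal CommentOut;   // rendered into the HTML as-is

    protected void Submit_Click(object sender, EventArgs e)
    {
        // A Literal does not encode its Text, so encode before assigning.
        // AntiXss.HtmlEncode encodes everything outside a list of
        // known-safe characters.
        CommentOut.Text = AntiXss.HtmlEncode(CommentBox.Text);
    }
}
```

The binding relies on the ViewState MAC, so it only takes effect while EnableViewStateMac is left at its default of true.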