I am trying to get a handle on security for ASP.NET, but an overall picture is hard to draw. I was wondering if anyone knows of a good source (web page, book, etc.) of "Dos and Don'ts" for ASP.NET from a security standpoint. For instance, maybe "Do make your page accessible by authorized users by...", or even simpler than that. I am looking for a broad overview. I want to make sure that I am not making any obvious mistake that would allow someone on the Internet to exploit the ASP.NET application. Maybe a list of common mistakes?