These are the guys teaching the course on Defensive Web Programming
Paros is for people who need to evaluate the security of their web applications. It is a proxy that allows you to intercept and modify all HTTP and HTTPS data for testing purposes.
ASP.NET forum post announcing the Anti-Cross Site Scripting (XSS) library from Microsoft, with links to download and documentation
OWASP CSRF Guard - protects a web application from Cross-Site Request Forgery attacks through the use of a unique random request token...
This URL is blocked by the Xerox proxy... but it's the home of the napkin app shown during class on Tuesday.
A web-based alternative to Napkin for encoding strings...
Holodeck - allows you to simulate faults like out-of-memory, high latency, etc., and in general take full control over a simulated Windows and .NET API environment to test your applications.
John's blog ...
The vulnerability scanning program is an integral part of the information security risk assessment process. Scans are conducted against environmental components: servers (OS), databases, and web applications. Vulnerability scanning may be conducted from an internal or external location to identify weaknesses within the environment and mitigate them before they can be exploited.