Before your web becomes victim of hacked web site, you can proactively take baby step to fight against hackers.

1. Manytimes beginners or freshers writes codes which leads SQL injection attack. To know more about SQl injection follow below link.
    
     http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
   
     SQL injection cheat sheet

To avoide SQL injection attacks, use parameterized query like how we pass the variables to stored procedure.


2. ASP.NET Security Vulnerability  http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx

    above vulnerability applies to Java and who uses AES algorithm or MD5 algorithm.

Latest update ASP.NET Security Update Shipping Tuesday, Sept 28th

http://weblogs.asp.net/scottgu/archive/2010/09/27/asp-net-security-update-shipping-tuesday-sept-28th.aspx


3. Hack IIS

   You must learn to hack the web, this way you will not leave any loop hole on production server.

4. While assigning appropriate runtime using aspnet_regiis don't forget to un-map your domain from IIS. 
    If you don;t have runtime assigned to your IIS, all code including web.config and your server side script becomes
    accesible to end user as a plain text.