Security Problems

by volkanuzun 6/16/2008 4:21:00 AM

One of our web applications, which was developed using classic ASP, has security problems all the time and causes problems for us. I compiled a number of things you should do to escape the same problems; let me know what you think.

  • Keep security in mind starting at the design level
  • Use stored procedures, or at least parameterized SQL
  • Keep the connection string in web.config and encrypt it
  • Validate user input, including form inputs, query string inputs, etc.
  • Encode user input
  • Don't give out hacker-friendly error messages
  • Don't reinvent the wheel for user management and account management; use the membership provider
  • Encrypt, or better, hash passwords in the database
  • Instead of SQL authentication, try to use Windows authentication to connect to SQL
  • Don't create too many admin accounts; use delegation
  • Log failed attempts
  • Monitor your application
  • Patch your system
  • When you need SSL, use it
  • Don't reinvent encryption algorithms; use the .NET Framework security algorithms
  • Don't forget that software ages like a human being; the older it is, the more complaints you will get
  • Have a backup plan
  • Have backups
  • Document your apps and your security tests
  • Read owasp.org
  • Read the Microsoft security bulletins
