There is a library of scripts for the anti-cross site from Microsoft:
AntiXSS helps protect your current applications from cross-site scripting attacks while helping protect your legacy application with its Runtime Engine security tool. Working with customer and partner reviews, AntiXSS includes radically and innovatively rethought features, offering you a newer and more powerful weapon against the frequently used cross-site scripting (XSS) attack. AntiXSS gives you:
- Improved performance. AntiXSS is completely rewritten for performance, but still retains the basic protection against the XSS attacks you rely on for your applications.
- Safe globalization. The network is a global market, and cross-site scripting is a global problem. The attack can be encoded anywhere, and Anti-XSS now protects against XSS attacks encoded in dozens of languages.
- Compliance. AntiXSS is written in accordance with modern web standards. You can protect your web application without adversely affecting its user interface.
Many other security features are baked in ASP.NET and IIS, and as far as SQL is concerned, you should use parameterized queries.
There are also several .NET projects in the web interface listed on the OWASP page:
OWASP.NET Project:
The goal of the OWASP.NET project is to provide a central repository of information and tools for software professionals who use the Microsoft.NET Framework for web applications and services.
AntiSamy.NET:
The OWASP AntiSamy.NET project is a few things. Technically, this is an API for providing custom HTML / CSS in accordance with application rules.
You can also take a look at Troy Hunt's new IIS vulnerability scanner - asafaweb .
Odded source share