
 

Find Cross-Site Scripting Vulnerabilities in ASP.NET Web Applications - XSS Detect Beta Code Analysis Tool


I just talked about the SQL Injection Tool for analyzing websites for SQL Injection Vulnerabilities:

I didn't realize the SQL Injection Analysis Tool existed and could have used it during a large conversion from classic ASP to ASP.NET to verify existing SQL Injection vulnerabilities.

Along those same lines, I bumped into another tool, called XSS Detect, that detects Cross-Site Scripting Vulnerabilities in web applications. Unlike the Microsoft Source Code Analyzer for SQL Injection Tool, XSS Detect is valid for managed VB.NET, C#, and J# code. The only issue I see is that it has not been updated for Visual Studio 2008.

 

XSS Detect Beta Code Analysis Tool - Find Cross-Site Scripting Problems

Just like SQL Injection, JavaScript Injection, or Cross-Site Scripting (XSS), is a known vulnerability in websites that do not properly validate input and encode output before it is displayed in the browser. An attacker can inject JavaScript into the website, and when the page is rendered, that JavaScript runs in the visitor's browser and can do malicious things.

XSS Detect can help identify those Cross-Site Scripting vulnerabilities in your web applications. Per the download description:

"XSSDetect is a static code analysis tool that helps identify Cross-Site Scripting security flaws found within Web applications. It is able to scan compiled managed assemblies (C#, Visual Basic .NET, J#) and analyze dataflow paths from sources of user-controlled input to vulnerable outputs. It also detects whether proper encoding or filtering has been applied to the data and will ignore such "sanitized" paths."

You can download XSS Detect Beta Code Analysis Tool here.
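
To make the "source to vulnerable output" idea in the description concrete, here is the same data path written twice, once unencoded and once passed through an HTML encoder. This is an added example, not code from the original post or from XSSDetect; the class name, method names and sample input are invented for illustration, and a dictionary stands in for `Request.QueryString` so the code runs as a plain console program.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

// Added illustration: a console stand-in for an ASP.NET page handler.
// The dictionary plays the role of Request.QueryString (the source) and the
// returned string plays the role of what Response.Write would send (the sink).
static class GreetingPage
{
    // Source -> sink with no encoding: the kind of dataflow path a scanner reports.
    public static string RenderUnsafe(IDictionary<string, string> query)
    {
        string name = query.TryGetValue("name", out var v) ? v : "guest";
        return "<p>Hello, " + name + "</p>";
    }

    // Same path, but the value passes through an HTML encoder before the sink,
    // so the browser receives it as text rather than markup.
    public static string RenderEncoded(IDictionary<string, string> query)
    {
        string name = query.TryGetValue("name", out var v) ? v : "guest";
        return "<p>Hello, " + WebUtility.HtmlEncode(name) + "</p>";
    }

    static void Main()
    {
        // Constructed sample input, not taken from the original post.
        var query = new Dictionary<string, string>
        {
            ["name"] = "<script>alert(1)</script>"
        };

        Console.WriteLine("unencoded: " + RenderUnsafe(query));
        Console.WriteLine("encoded:   " + RenderEncoded(query));
    }
}
```

HTML encoding is the right fix for values written into HTML element content; values placed in attributes, URLs or inline script need the encoder that matches that context.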

 
