I made a pretty basic asp.net ecommerce website and i'm trying to test for sql injection attacks,XSS, all the rest of that crap. I don't know very much about security but i do know the basics. I was just wondering if anyone here knew of some tutorials or guides on how i can test and protect my site against these sorts of attacks. I'm using MS SQL for my db. All db calls are done using stored procs. I do also have some field validation. I would have liked to have been abel to post code or the site address but the Site isn't currently open to the public and i don't think my boss would approve. Again any information or tips would be much appreciated.


P.S. Please forgive any lack of information or gramatical errors. I don't usually post.