Microsoft Code Analysis Tool .NET is a new tool to detect certain vulnerabilities in your code – including Cross Site Scripting, SQL Injection, Process Command Injection, File Canonicalization, Exception Information, LDAP Injection, XPATH Injection and Redirection to User Controlled Site.

Also there’s a beta release of version 3 of the AntiXSS library which can help reduce the chance of cross-site scripting vulnerabilities in your ASP.NET application.