A few people have been asking for the table of contents for Beginning ASP.NET Security, so here it is:

  • CHAPTER 1: WHY WEB SECURITY MATTERS
    • Anatomy of an Attack
    • Risks and Rewards
    • Building Security from the Ground Up
      • Defense in Depth
      • Never Trust Input
      • Fail Gracefully
      • Watch for Attacks
      • Use Least Privilege
      • Firewalls and Cryptography Are Not a Panacea
      • Security Should Be Your Default State
      • Code Defensively
    • The OWASP Top Ten
    • Moving Forward
    • Checklists
  • CHAPTER 2: HOW THE WEB WORKS
    • Examining HTTP
      • Requesting a Resource
      • Responding to a Request
      • Sniffing HTTP Requests and Responses
    • Understanding HTML Forms
    • Examining How ASP.NET Works
      • Understanding How ASP.NET Events Work
      • Examining the ASP.NET Pipeline
      • Writing HTTP Modules
    • Summary
  • CHAPTER 3: SAFELY ACCEPTING USER INPUT
    • Defining Input
    • Dealing with Input Safely
      • Echoing User Input Safely
      • Mitigating Against XSS
      • The Microsoft Anti-XSS Library
        • The Security Run-time Engine
      • Constraining Input
      • Protecting Cookies
    • Validating Form Input
      • Validation Controls
      • Standard ASP.NET Validation Controls
        • Using the RequiredFieldValidator
        • Using the RangeValidator
        • Using the RegularExpressionValidator
        • Using the CompareValidator
        • Using the CustomValidator
        • Validation Groups
    • A Checklist for Handling Input
  • CHAPTER 4: USING QUERY STRINGS, FORM FIELDS, EVENTS, AND BROWSER INFORMATION
    • Using the Right Input Type
    • Query Strings
    • Form Fields
    • Request Forgery and How to Avoid It
      • Mitigating Against CSRF
    • Protecting ASP.NET Events
    • Avoiding Mistakes with Browser Information
    • A Checklist for Query Strings, Forms, Events, and Browser Information
  • CHAPTER 5: CONTROLLING INFORMATION
    • Controlling ViewState
      • Validating ViewState
      • Encrypting ViewState
      • Protecting Against ViewState One-Click Attacks
      • Removing ViewState from the Client Page
      • Disabling Browser Caching
    • Error Handling and Logging
      • Improving Your Error Handling
      • Watching for Special Exceptions
      • Logging Errors and Monitoring Your Application
      • Using the Windows Event Log
      • Using Email to Log Events
      • Using ASP.NET Tracing
      • Using Performance Counters
      • Using WMI Events
      • Another Alternative: Logging Frameworks
    • Limiting Search Engines
      • Controlling Robots with a Metatag
      • Controlling Robots with robots.txt
    • Protecting Passwords in Config Files
    • A Checklist for Query Strings, Forms, Events and Browser Information
  • CHAPTER 6: KEEPING SECRETS SECRET — HASHING AND ENCRYPTION
    • Protecting Integrity with Hashing
      • Choosing a Hashing Algorithm
      • Protecting Passwords with Hashing
        • Salting Passwords
        • Generating Secure Random Numbers
    • Encrypting Data
      • Understanding Symmetric Encryption
        • Protecting Data with Symmetric Encryption
      • Sharing Secrets with Asymmetric Encryption
        • Using Asymmetric Encryption without Certificates
        • Using Certificates for Asymmetric Encryption
        • Getting a Certificate
      • Using the Windows DPAPI
    • A Checklist for Encryption
  • CHAPTER 7: ADDING USERNAMES AND PASSWORDS
    • Authentication and Authorization
    • Discovering Your Own Identity
    • Adding Authentication in ASP.NET
      • Using Forms Authentication
        • Configuring Forms Authentication
        • Using SQL as a Membership Store
        • Creating Users
        • Examining How Users Are Stored
        • Configuring the Membership Settings
        • Creating Users Programmatically
        • Supporting Password Changes and Resets
      • Windows Authentication
        • Configuring IIS for Windows Authentication
        • Impersonation with Windows Authentication
    • Authorization in ASP.NET
      • Examining <allow> and <deny>
      • Role-Based Authorization
        • Configuring Roles with Forms Based Authentication
        • Using the Configuration Tools to Manage Roles
        • Managing Roles Programmatically
        • Managing Role Members Programmatically
        • Roles with Windows Authentication
      • Limiting Access to Files and Folders
      • Checking Users and Roles Programmatically
        • Securing Object References
    • A Checklist for Authentication and Authorization
  • CHAPTER 8: SECURELY ACCESSING DATABASES
    • Writing Bad Code: Demonstrating SQL Injection
    • Fixing the Vulnerability
    • More Security for SQL Server
      • Connecting Without Passwords
        • SQL Permissions
        • Adding a User to a Database
        • Managing SQL Permissions
        • Groups and Roles
        • Least Privilege Accounts
      • Using Views
      • SQL Express User Instances
      • Drawbacks of the VS Built-in Web Server
      • Dynamic SQL Stored Procedures
      • Using SQL Encryption
        • Encrypting by Pass Phrase
        • SQL Symmetric Encryption
        • SQL Asymmetric Encryption
        • Calculating Hashes and HMACs in SQL
    • A Checklist for Securely Accessing Databases
  • CHAPTER 9: USING THE FILE SYSTEM
    • Accessing Existing Files Safely
      • Making Static Files Secure
        • Checking That Your Application Can Access Files
      • Making a File Downloadable and Setting Its Name
      • Adding Further Checks to File Access
        • Adding Role Checks
        • Anti-Leeching Checks
      • Accessing Files on a Remote System
    • Creating Files Safely
    • Handling User Uploads
      • Using the File Upload Control
    • A Checklist for Securely Accessing Files
  • CHAPTER 10: SECURING XML
    • Validating XML
      • Well-Formed XML
      • Valid XML
      • XML Parsers
    • Querying XML
      • Avoiding XPath Injection
    • Securing XML Documents
      • Encrypting XML Documents
        • Using a Symmetric Encryption Key with XML
        • Using an Asymmetric Key Pair to Encrypt and Decrypt XML
        • Using an X509 Certificate to Encrypt and Decrypt XML
      • Signing XML Documents
    • A Checklist for XML
  • CHAPTER 11: SHARING DATA WITH WINDOWS COMMUNICATION FOUNDATION
    • Creating and Consuming WCF Services
    • Security and Privacy with WCF
      • Transport Security
      • Message Security
      • Mixed Mode
      • Selecting the Security Mode
      • Choosing the Client Credentials
    • Adding Security to an Internet Service
    • Signing Messages with WCF
    • Logging and Auditing in WCF
    • Validating Parameters Using Inspectors
    • Using Message Inspectors
    • Throwing Errors in WCF
    • A Checklist for Securing WCF
  • CHAPTER 12: SECURING RICH INTERNET APPLICATIONS
    • RIA Architecture
    • Security in Ajax Applications
      • The XMLHttpRequest Object
      • The Ajax Same Origin Policy
      • The Microsoft ASP.NET Ajax Framework
        • Examining the UpdatePanel
        • Examining the ScriptManager
        • Security Considerations with UpdatePanel and ScriptManager
    • Security in Silverlight Applications
      • Understanding the CoreCLR Security Model
      • Using the HTML Bridge
        • Controlling Access to the HTML DOM
        • Exposing Silverlight Classes and Members to the DOM
      • Accessing the Local File System
      • Using Cryptography in Silverlight
      • Accessing the Web and Web Services with Silverlight
    • Using ASP.NET Authentication and Authorization in Ajax and Silverlight
    • A Checklist for Securing Ajax and Silverlight
  • CHAPTER 13: UNDERSTANDING CODE ACCESS SECURITY
    • Understanding Code Access Security
      • Using ASP.NET Trust Levels
        • Demanding Minimum CAS Permissions
        • Asking and Checking for CAS Permissions
        • Testing Your Application under a New Trust Level
        • Using the Global Assembly Cache to Run Code Under Full Trust
        • .NET 4 Changes for Trust and ASP.NET
    • A Checklist for Code not Under Full Trust
  • CHAPTER 14: SECURING INTERNET INFORMATION SERVER (IIS)
    • Installing and Configuring IIS7
      • IIS Role Services
        • Removing Global Features for an Individual Web Site
      • Creating and Configuring Application Pools
      • Configuring Trust Levels in IIS
        • Locking Trust Levels
        • Creating Custom Trust Levels
    • Filtering Requests
      • Filtering Double-Encoded Requests
      • Filtering Requests with Non-ASCII Characters
      • Filtering Requests Based on File Extension
      • Filtering Requests Based on Request Size
      • Filtering Requests Based on HTTP Verbs
      • Filtering Requests Based on URL Sequences
      • Filtering Requests Based on Request Segments
      • Filtering Requests Based on a Request Header
    • Status Codes Returned to Denied Requests
    • Using Log Parser to Mine IIS Log Files
    • Using Certificates
      • Requesting an SSL Certificate
      • Configuring a Site to Use HTTPS
      • Setting up a Test Certification Authority
    • A Checklist for Securing Internet Information Server (IIS)
  • CHAPTER 15: THIRD-PARTY AUTHENTICATION
    • A Brief History of Federated Identity
    • Using the Windows Identity Foundation to accept SAML and Information Cards
      • Creating a “Claims-Aware” Web Site
      • Accepting Information Cards
      • Working with a Claims Identity
    • Using OpenID with Your Web Site
    • Using Windows Live ID with Your Web Site
    • A Strategy for Integrating Third-Party Authentication with Forms Authentication
    • Summary
  • CHAPTER 16: SECURE DEVELOPMENT WITH THE ASP.NET MVC FRAMEWORK
    • MVC Input and Output
      • Protecting Yourself Against XSS
      • Protecting an MVC Application Against CSRF
      • Securing Model Binding
      • Providing Validation for and Error Messages from Your Model
    • Authentication and Authorization with ASP.NET MVC
      • Authorizing Actions and Controllers
      • Protecting Public Controller Methods
      • Discovering the Current User
      • Customizing Authorization with an Authorization Filter
    • Error Handling with ASP.NET MVC
    • A Checklist for Secure Development with the ASP.NET MVC Framework
  • INDEX

I’ve cut and pasted this from proof PDFs, so any weird formatting errors are mine as I tried to turn this into HTML.