Web site security

[Bénoni MARTIN <Benoni.MARTIN () libertis ga>]

Hi list!

Currently setting up a website in ASP, I am looking for some docs about secure programming. The questions I have are 
like:
- What do I have to check / avoid in my web pages to avoid vulnerabilities,
- How to store password hashes in my Data Base, and not clear-text passwords,
- What tools can be good to help me securing a web site (I was thinking about Nessus, Whisker, AppScan, WebInspect, 
maybe there are more than that and better)
- ...

The technologies I am using are IIS 6, SQL Server 2000 and Win2K3.

Thanks in advance for any clue, advice, ...!