Michael Willers, our security expert, just pointed me to an interesting resource related to ASP.NET Security.