Security on asp.net (and other serverside scripting languages)

Hello list,

first i've to say that i'am not a programmer and I'm researching for a
friend..
So I'am sorry if I sound a bit unqualified So I thought it's good to start
here and find some experts 

Currently they write cgi's for their webbased application (I think
everything with c++) Webserver is MS IIS. They need to access a MS SQL
Database and among other and Process AuditLogfiles (sort, display, etc.) 

They're thinking about to move over to .NET but there's been a discussion
about security...

Can you tell me, whats state of the Art using for Server side-Scripting
today?
Perhaps somebody could post a link/doc
comparing the different "solutions", pro's & cons and especially security
consideration.

Thank You!

Regards
Tom