Taken together, these measures make your web application a safer place for users and their data. Security is not a one-time task: new attack techniques appear constantly, so keep reviewing and updating these protections.
- Error handling – Set up a custom error page (customErrors in web.config or the HandleError filter) so stack traces and internal details are never shown to users.
- Cross-Site Request Forgery (CSRF) – Use the antiforgery token: @Html.AntiForgeryToken() in the form and [ValidateAntiForgeryToken] on the POST action.
- Cross-Site Scripting (XSS) – Validate input and encode output; Razor's @ syntax HTML-encodes by default, so avoid Html.Raw on user-supplied data.
- Malicious file upload – Validate the file extension against an allow-list, and do not rely on the extension alone: check the file content, generate your own file name, and store uploads outside the web root.
- SQL injection – Validate inputs, use parameterized queries, an ORM (e.g. Dapper, Entity Framework) or stored procedures, and never build queries by string concatenation.
- Passwords – Never store passwords in plaintext or in reversibly encrypted form; store a salted, slow hash (PBKDF2 or bcrypt) so that even a developer with database access cannot recover them.
- Use HTTPS for the whole site (the RequireHttps attribute), not just the login page.
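The following controller is an added example, not code from the original post, showing four items of the list above in one place for classic ASP.NET MVC (System.Web.Mvc on .NET Framework 4.7.2 or later, with Dapper): a parameterized query instead of the concatenated one, salted PBKDF2 password storage with verification, and an upload action that is CSRF-protected and checks both extension and leading bytes before saving under App_Data. The Users table with Id and Name columns, the "iterations.salt.hash" storage format and the ~/App_Data/Uploads folder are assumptions made for the example.

```csharp
using System;
using System.Data.SqlClient;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Web;
using System.Web.Mvc;
using Dapper;

public class AccountController : Controller
{
    // --- SQL injection --------------------------------------------------
    // Dynamic query the post warns against (kept as a comment, never run):
    //   "SELECT Id FROM Users WHERE Name = '" + name + "'"
    // Parameterized Dapper query: the value travels as a parameter, never as SQL text.
    // Assumes a Users table with Id and Name columns (not given in the post).
    public static int? FindUserId(SqlConnection conn, string name)
    {
        return conn.QueryFirstOrDefault<int?>(
            "SELECT Id FROM Users WHERE Name = @Name", new { Name = name });
    }

    // --- Password storage ----------------------------------------------
    // Salted, iterated PBKDF2-SHA256. Stored form "iterations.salt.hash" is our own choice.
    private const int Pbkdf2Iterations = 100000;

    public static string HashPassword(string password)
    {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Pbkdf2Iterations, HashAlgorithmName.SHA256))
        {
            return Pbkdf2Iterations + "." + Convert.ToBase64String(salt) + "."
                 + Convert.ToBase64String(kdf.GetBytes(32));
        }
    }

    public static bool VerifyPassword(string password, string stored)
    {
        var parts = stored.Split('.');
        if (parts.Length != 3) return false;
        int iterations = int.Parse(parts[0]);
        byte[] salt = Convert.FromBase64String(parts[1]);
        byte[] expected = Convert.FromBase64String(parts[2]);
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
        {
            byte[] actual = kdf.GetBytes(expected.Length);
            // Fixed-time compare: do not stop at the first mismatching byte.
            int diff = 0;
            for (int i = 0; i < expected.Length; i++) diff |= actual[i] ^ expected[i];
            return diff == 0;
        }
    }

    // --- File upload + CSRF --------------------------------------------
    private static readonly string[] AllowedExtensions = { ".png", ".jpg", ".jpeg", ".pdf" };

    // Leading bytes each allowed type must start with; an extension alone is trivial to fake.
    private static bool ContentMatchesExtension(byte[] head, string ext)
    {
        switch (ext)
        {
            case ".png":  return head.Length >= 4 && head[0] == 0x89 && head[1] == 0x50 && head[2] == 0x4E && head[3] == 0x47;
            case ".jpg":
            case ".jpeg": return head.Length >= 3 && head[0] == 0xFF && head[1] == 0xD8 && head[2] == 0xFF;
            case ".pdf":  return head.Length >= 4 && head[0] == 0x25 && head[1] == 0x50 && head[2] == 0x44 && head[3] == 0x46;
            default:      return false;
        }
    }

    [HttpPost]
    [ValidateAntiForgeryToken] // pairs with @Html.AntiForgeryToken() in the Razor form
    public ActionResult Upload(HttpPostedFileBase file)
    {
        if (file == null || file.ContentLength == 0)
            return new HttpStatusCodeResult(400, "No file");

        string ext = Path.GetExtension(file.FileName).ToLowerInvariant();
        if (!AllowedExtensions.Contains(ext))
            return new HttpStatusCodeResult(400, "File type not allowed");

        var head = new byte[8];
        int read = file.InputStream.Read(head, 0, head.Length);
        file.InputStream.Position = 0; // rewind so SaveAs writes the whole file
        if (!ContentMatchesExtension(head.Take(read).ToArray(), ext))
            return new HttpStatusCodeResult(400, "File content does not match its extension");

        // Never reuse the client's file name; App_Data is not served by IIS, so nothing
        // stored here can be requested or executed directly.
        string safeName = Guid.NewGuid().ToString("N") + ext;
        string uploadDir = Server.MapPath("~/App_Data/Uploads");
        Directory.CreateDirectory(uploadDir);
        file.SaveAs(Path.Combine(uploadDir, safeName));
        return RedirectToAction("Index");
    }
}
```

The magic-byte check only covers the few types in the allow-list and is a sanity check, not a full parser; for images, re-encoding the file with an image library on the server is the stronger option. The HTTPS item is not shown in the code: add [RequireHttps] at the controller or global-filter level so every action redirects plain HTTP to HTTPS.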
Tags:
ASP.NET MVC Advance