This tutorial will explain what is ASP.NET security and how to create efficient defense for your data.
You could exploit the security in 3 directions:
– ASP.NET website data, including user passwords, Credit Cards, private user information as address, personal info etc…
To protect the ASP.NET data you should check all get and post parameters before using them. Also to install SSL certificate so, the user connection to be encrypted and nobody can see the user credentials in plain text over the network. It will be good to read some good tutorial at http://www.howtoasp.net/ about this kind of issues.
– SQL Server data. Again, you should check all get and post ASP.NET parameters to avoid the SQL injection attack, also to restrict the direct SQL port access via your firewall settings.
– Server, the attacker could gain control over the whole server. You should upgrade all ASP.NET versions to avoid exploits. Also, if you use ASP.NET in full trust you should check all the submitted data, so the user not to be able to execute some command on the server.