Use the review questions in this section to review your ASP.NET pages and controls. For more information about the issues raised in this section, see Chapter 10.
Do you disable detailed error messages?
Do you disable tracing?
Do you validate form field input?
Are you vulnerable to XSS attacks?
Do you validate query string and cookie input?
Do you rely on HTTP headers for security?
Do you secure view state?
Do you prevent XSS?
Are your global.asax event handlers secure?
Do you provide adequate authorization?
If you let an exception propagate beyond the application boundary, ASP.NET can return detailed information to the caller. This includes full stack traces and other information that is useful ...
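As an added example (not part of the original checklist or of any Microsoft tooling), the first two review questions can be checked mechanically by reading the `<customErrors>` and `<trace>` elements of an application's web.config. The two sample configurations and the function name `audit_web_config` are constructed for illustration, and the sketch assumes the file declares no XML namespace on `<configuration>`.

```python
import xml.etree.ElementTree as ET

# Constructed sample configurations (not from the original page).
WEAK_CONFIG = """<configuration>
  <system.web>
    <customErrors mode="Off" />
    <trace enabled="true" localOnly="false" />
  </system.web>
</configuration>"""

HARDENED_CONFIG = """<configuration>
  <system.web>
    <customErrors mode="On" defaultRedirect="~/Error.aspx" />
    <trace enabled="false" />
  </system.web>
</configuration>"""


def audit_web_config(xml_text):
    """Return a list of findings for the error-detail and tracing settings."""
    findings = []
    # Assumption: <configuration> carries no xmlns, so plain tag names match.
    root = ET.fromstring(xml_text)
    # Visit every <system.web>, including those nested in <location> elements.
    for web in root.iter("system.web"):
        errors = web.find("customErrors")
        # ASP.NET treats a missing element or attribute as mode="RemoteOnly".
        mode = (errors.get("mode") if errors is not None else None) or "RemoteOnly"
        if mode.lower() == "off":
            findings.append("customErrors mode=Off: detailed errors sent to all callers")
        trace = web.find("trace")
        # Tracing is disabled by default; localOnly defaults to true.
        if trace is not None and trace.get("enabled", "false").lower() == "true":
            scope = "local requests only"
            if trace.get("localOnly", "true").lower() == "false":
                scope = "remote callers"
            findings.append("trace enabled=true: trace output available to " + scope)
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_web_config(text) or "no findings")
```

The check covers web.config only; a page that sets tracing in its own `@ Page` directive still has to be reviewed separately.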