1. Articles from Rick Anderson, Microsoft MVP about security on ASP.NET MVC web application.
2. Series Article from Troy Hunt, MS MVP about Top 10 Open Web Application Security Project (OWASP) security risks for .Net developers.
- Cross-Site Scripting (XSS)
- Broken Authentication and Session Management
- Insecure Direct Object References
- Cross-Site Request Forgery (CSRF)
- Security Misconfiguration
- Insecure Cryptographic Storage
- Failure to Restrict URL Access
- Insufficient Transport Layer Protection
- Unvalidated Redirects and Forwards