I am looking for easy steps that are simple and effective in making a web application more secure.

What are your top tips for secure web applications, and what kind of attack will they stop?

Question author Oded | Source



Microsoft Technet has en excellent article:

Ten Tips for Designing, Building, and Deploying More Secure Web Applications

Here are the topics for the tips answered in that article:

  1. Never Directly Trust User Input
  2. Services Should Have Neither System nor Administrator Access
  3. Follow SQL Server Best Practices
  4. Protect the Assets
  5. Include Auditing, Logging, and Reporting Features
  6. Analyze the Source Code
  7. Deploy Components Using Defense in Depth
  8. Turn Off In-Depth Error Messages for End Users
  9. Know the 10 Laws of Security Administration
  10. Have a Security Incident Response Plan
Answer author Espo

Ask about this question here!