Debugging Application Security Vulnerabilities in Web.config Files

Bryan Sullivan has written an excellent article describing the various secure
configuration options in .NET’s Web.config file. If you write ASP.NET
applications, be sure to check this out.

"Some enlightened software
architects and developers are becoming educated on these threats to application
security and are designing their Web-based applications with security in mind.
By "baking in" application security from the start of the development process,
rather than trying to "brush it on" at the end, you are much more likely to
create secure applications that will withstand hackers’ attacks.

However, even the most meticulous and security-aware C# or VB.NET code
can still be vulnerable to attack if you neglect to secure the Web.config
configuration files of your application. Incorrectly configured Web-based
applications can be just as dangerous as those that have been incorrectly coded.
To make matters worse, many configuration settings actually default to insecure
values.

This article lists five of the "worst offenders" of
misconfigurations of application security that are universally problematic for
all ASP.NET Web-based applications."

Article Link: http://www.securitypark.co.uk/article.asp?articleid=26905&CategoryID=1