| Check | Description |
|---|---|
| | Security decisions should not rely on client-side validations; they are made on the server side. |
| | The Web site is partitioned into public access areas and restricted areas that require authenticated access. Navigation between these areas should not carry sensitive credential information. |
| | The identities used to access remote resources from ASP.NET Web applications are clearly identified. |
| | Mechanisms have been identified to secure credentials, authentication tickets, and other sensitive information over the network and in persistent stores. |
| | A secure approach to exception management is identified. The application fails securely in the event of exceptions. |
| | The site has granular authorization checks for pages and directories. |
| | Web controls, user controls, and resource access code are all partitioned in their own assemblies for granular security. |
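The public/restricted partitioning, the per-directory and per-page authorization checks, and the fail-securely exception item above can all be expressed declaratively in an ASP.NET web.config. The following is an added example, not part of this checklist or its source; the paths `Admin` and `Reports/Payroll.aspx`, the role names, and the page names are constructed for illustration.

```xml
<configuration>
  <system.web>
    <!-- Forms tickets are encrypted and signed, and only sent over HTTPS,
         so navigating between public and restricted areas never exposes
         the credential in clear text. -->
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" protection="All" requireSSL="true" />
    </authentication>

    <!-- Site root is the public area: anonymous access allowed. -->
    <authorization>
      <allow users="*" />
    </authorization>

    <!-- Fail securely: unhandled exceptions show a generic page,
         never the stack trace or internal details. -->
    <customErrors mode="On" defaultRedirect="Error.aspx" />
  </system.web>

  <!-- Restricted directory: rules are evaluated top to bottom and the
       first match wins, so the allow must precede the catch-all deny. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Restricted single page inside an otherwise public directory. -->
  <location path="Reports/Payroll.aspx">
    <system.web>
      <authorization>
        <allow roles="Payroll" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Because these rules are enforced by the ASP.NET pipeline before the page executes, they hold regardless of any client-side checks the page itself performs.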