http://fullstackprep.dev/Articles/webd/aspnet/security-best-practices-asp-net