http://fullstackprep.dev/articles/webd/aspnet/security-best-practices-asp-net