http://www.fullstackprep.dev/Articles/webd/aspnet/security-best-practices-asp-net