http://www.fullstackprep.dev/articles/webd/aspnet/security-best-practices-asp-net