Learn and understand common application security threats.
Apply security design principles within your application development team.
Establish a security process.
Incorporate defense-in-depth.
Apply the SD3+C strategy for secure applications.
Apply best practices for securing by design.
Apply .NET authentication and authorization mechanisms.
Encrypt sensitive data.
Assume external applications and code are insecure.
Design to fail, and fail securely.
Implement least privilege.
Implement privilege separation.
Sanitize input.
Validate security coding best practices with FxCop.
Incorporate security-focused code reviews.
Apply best practices for securing by default.
Install only necessary components by default.
Configure restrictive permissions by default.
Apply best practices for securing in deployment and communication.
Handle failures and errors securely.
Establish a support and bug remediation process.
Provide setup and configuration guidance to users.
Adhere to compliance requirements.
Involve users in the security dialog.
Establish a security response communication plan.
Understand and apply .NET Runtime Security Policies and Code Access Security.
Apply security-focused best practices in application testing processes.
Invest in protective infrastructure components.