Nov 21, 2011 07:31 PM|lbriner|LINK
Well, although I applaud the fact that you have taught yourself, when it comes to security you really need to take some formal training. There are in fact many ways to attack a web site, some by obtaining login credentials, sometimes just by weaknesses in the application itself. However good you are, you will never spot all of these weaknesses yourself, which is why proper training is so important. If you want to spend some time reading up on it then look at owasp.org, who have many articles and checklists about securing your site.
The easiest way to keep it secure is to check all user input at the server (even if you also check on the client), so that it is very hard to inject anything like SQL or scripts. Remove any unused methods in the code behind, and DO NOT use a system admin type login between the web application and the database.
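The three points in the reply above (server-side input checks, making SQL and script injection hard, and not connecting to the database as an administrator) as an added, runnable example. This is not code from the original thread or from any project it mentions; it uses Python's standard sqlite3 and html modules, the table and rows are constructed for the demo, and the read-only authorizer is a stand-in for a least-privilege database account, which on a real DBMS you would create with GRANT rather than in application code.

```python
import html
import re
import sqlite3

# Constructed sample data for the example (not from the original post).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "user"), ("bob", "admin")])
    conn.commit()
    return conn

def find_user_vulnerable(conn, username):
    # The query is built by string concatenation, so the user's text is
    # parsed as SQL. A value such as  ' OR '1'='1  returns every row.
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()

def find_user_safe(conn, username):
    # Parameterized query: the value travels separately from the SQL text
    # and can never change the statement's structure.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()

# Allow-list for usernames. Assumed policy for the example: 1-32 chars of
# letters, digits and underscore. Checked on the server regardless of any
# client-side validation, which an attacker can simply bypass.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def validate_username(username):
    return USERNAME_RE.fullmatch(username) is not None

def lookup(conn, username):
    # Server-side check first, then a parameterized query: two independent
    # layers, so a gap in one does not hand the attacker the database.
    if not validate_username(username):
        raise ValueError("invalid username")
    return find_user_safe(conn, username)

def render_greeting(username):
    # Escape user data before putting it into HTML so that "<script>" is
    # shown as text instead of executed in the visitor's browser.
    return "<p>Hello, " + html.escape(username, quote=True) + "</p>"

def restrict_to_reads(conn):
    # Stand-in for "do not use an admin login between the app and the DB":
    # this connection may SELECT from tables but is denied everything else
    # (INSERT, DELETE, DROP, ...). On a real DBMS this is a dedicated account
    # with only the GRANTs the application needs.
    def authorizer(action, arg1, arg2, dbname, source):
        if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ):
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY
    conn.set_authorizer(authorizer)

def attempt_delete_all(conn):
    # Returns "denied" when the connection lacks the privilege to delete.
    try:
        conn.execute("DELETE FROM users")
        return "allowed"
    except sqlite3.DatabaseError:
        return "denied"

if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, payload))   # both rows leak
    print("parameterized:", find_user_safe(db, payload))       # []
    print("validated:", validate_username(payload))            # False
    print("escaped:", render_greeting("<script>alert(1)</script>"))
    restrict_to_reads(db)
    print("delete as low-privilege connection:", attempt_delete_all(db))
```

Running it shows the same payload returning both users through the concatenated query and nothing through the parameterized one, the allow-list rejecting it before any query runs, the script tag rendered inert, and the read-only connection refusing a DELETE even when handed one directly.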