As your company develops software, you must think of security at every phase. Security cannot be an add-on at the end of a project. How do you know if it was done right though? You may need a security code audit. Keene Systems, Inc. can provide this for you.
Below are some common questions* you should ask while reviewing your own code for security flaws:
Q: Upon reviewing the web.config file, are there any authentication and/or authorization rules embedded there that could lead to compromise of the site?
Q: How do the framework and application deal with errors, and in particular are detailed error messages propagated back to the client?
Q: Have debug information and debugging been disabled?
Q: What are the validateRequest and EnableViewStateMac directives set to for the ASP.NET application?
Q: Have the default permission sets on file system and database-based resources, such as configuration files, log files and database tables, been established properly?
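One way to automate the web.config questions above, as an added example that is not code from Keene Systems: a Python script that flags debug compilation, customErrors mode="Off", disabled validateRequest or enableViewStateMac, and authorization rules that admit anonymous users. The sample config, the RISKY table and the function names are constructed for illustration, and settings inherited from parent configuration files are not modelled.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config for illustration (not from a real site).
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="true" />
    <customErrors mode="Off" />
    <pages validateRequest="false" enableViewStateMac="false" />
    <authorization><allow users="?" /></authorization>
  </system.web>
  <location path="admin">
    <system.web>
      <authorization><allow roles="Admins" /><deny users="*" /></authorization>
    </system.web>
  </location>
</configuration>"""

# (element, attribute, risky value, finding text) for the settings the questions name.
RISKY = [
    ("compilation", "debug", "true", "debug compilation is enabled"),
    ("customErrors", "mode", "off", "detailed errors are sent to every client"),
    ("pages", "validateRequest", "false", "request validation is disabled"),
    ("pages", "enableViewStateMac", "false", "ViewState MAC is disabled"),
]

def anonymous_allowed(auth):
    """URL authorization is first-match: report True if an allow for '*' or '?'
    is reached before any deny for '*' or '?'."""
    for rule in auth:
        users = {u.strip() for u in rule.get("users", "").split(",")}
        if users & {"*", "?"}:
            return rule.tag == "allow"
    return False

def audit_web_config(xml_text):
    """Return (scope, finding) tuples; scope is '/' or a <location> path."""
    root = ET.fromstring(xml_text)
    scopes = [("/", root)] + [(loc.get("path", "/"), loc) for loc in root.findall("location")]
    findings = []
    for scope, parent in scopes:
        for tag, attr, bad, text in RISKY:
            el = parent.find(f"system.web/{tag}")
            if el is not None and el.get(attr, "").lower() == bad:
                findings.append((scope, text))
        auth = parent.find("system.web/authorization")
        if auth is not None and anonymous_allowed(auth):
            findings.append((scope, "authorization admits anonymous users"))
    return findings
```

Calling audit_web_config(SAMPLE_WEB_CONFIG) reports five findings for the site root and none for the admin location, whose rules deny everyone outside the Admins role.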