Interesting guide/checklist if your looking to do a security review for your ASP.Net deployments:
“This How To shows you how to perform a security deployment review for an ASP.NET 2.0 application to identify potential security vulnerabilities introduced by inappropriate configuration settings. The majority of the review process involves making sure that correct configuration settings are applied to the machine-level Web.config file and your application-specific Web.config file.
- Learn what’s new in ASP.NET 2.0 security configuration.
- Review ASP.NET 2.0 configuration settings to improve security.
- Learn about the new special directories in ASP.NET 2.0, and their security implications.
- Learn how to lock down your machine-level settings.
- Learn how to configure <machineKey> for a Web farm scenario.
- Learn how to encrypt a connection string in a Web farm scenario.
- Learn how to use obfuscation with ASP.NET 2.0.