I have been asked to provide security assessment for Asp.net site using WebForms Authentication with Default Asp.net Membership Provider not using https?
The website in question just provides some confidential information and nothing financial, but yet still I would like to have at least a security level matching what I would like for webbased email client ( gmail. hotmail etc. ). I have assumed the first requirement is getting https certificate. What else should I consider? Any links for security related issues for Asp.net deployment? Regards Arjang
