Preventing SQL Injection Attacks

xiaoxiao2021-03-06  45

Never trust user input. Validate all textbox entries using validation controls, regular expressions, code, and so on.

Never use dynamic SQL. Use parameterized SQL or stored procedures.

Never connect to a database using an admin-level account. Use a limited-access account to connect to the database.

Don't store secrets in plain text. Encrypt or hash passwords and other sensitive data; you should also encrypt connection strings.

Exceptions should divulge minimal information. Do not reveal too much information in error messages; use customErrors to display minimal information in the event of an unhandled error; set debug to false.
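The sketch below is an added example, not code from the original page. It applies four of the rules above (allow-list validation, parameterized SQL, hashed passwords, minimal error messages) to a login check, using Python's sqlite3 with a constructed in-memory database in place of the ASP.NET stack the page refers to; every function, table and user name in it is hypothetical.

```python
import hashlib
import hmac
import os
import re
import sqlite3

# Allow-list for user names; the apostrophe stays legal for names like O'Brien,
# so validation alone cannot be what keeps the query safe.
NAME_RE = re.compile(r"[A-Za-z' -]{1,40}")

def hash_password(password, salt):
    # Salted PBKDF2 hash: the database never holds the plain-text password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_db():
    """Constructed in-memory sample database holding one user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 ("O'Brien", salt, hash_password("correct horse", salt)))
    return conn

def find_user_dynamic(conn, name):
    # Anti-pattern (dynamic SQL): the input is concatenated into the statement
    # text, so a quote inside `name` changes the SQL the database parses.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchone()

def find_user(conn, name):
    # Parameterized SQL: the statement text is fixed and `name` is bound as data.
    sql = "SELECT name, salt, pw_hash FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchone()

def login(conn, name, password):
    """Return (ok, message); the message never carries database detail."""
    if not NAME_RE.fullmatch(name):
        return False, "Invalid user name or password."
    try:
        row = find_user(conn, name)
    except sqlite3.Error:
        # Details belong in a server-side log, not in the response.
        return False, "An error occurred."
    if row and hmac.compare_digest(row[2], hash_password(password, row[1])):
        return True, "Welcome."
    return False, "Invalid user name or password."
```

With the legitimate name O'Brien, find_user_dynamic fails with a SQL syntax error because the apostrophe ends the string literal early, while find_user and login handle the same input as plain data.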

When reposting, please cite the original address: https://www.9cbs.com/read-80135.html
