Securing ASP.NET MVC Application Checklist

Question

I am looking for a set of guidelines or a checklist that you can go over for securing a public ASP.NET MVC Website. I just want to make sure that I am not making any of the obvi

Answer 1

Don't use the default GET on actions unless absolutely necessary. For example, if you have a DeleteUser action that doesn't have a [AcceptVerbs(HttpVerbs.Post)] on it, it can be called via

Which will get called by whomever "views" the image.