Posts

Showing posts from March, 2023

Security tips for hosting .NET Web Application on IIS

Hi guys,

After building multiple small and medium-sized web applications and hosting them in IIS, I have learned certain actions we can take while hosting to make a web application secure. They are as below.

1) Prevent clickjacking. To prevent clickjacking, add the below to configuration > system.webServer > httpProtocol > customHeaders in web.config.

   <add name="X-Frame-Options" value="sameorigin" />

2) To prevent clients from knowing what options the server is serving (unless you want them to know), add the below to configuration > system.webServer > httpProtocol > customHeaders in web.config.

   <add name="X-Content-Type-Options" value="nosniff" />

3) To prevent cross-site scripting (XSS) attacks, add the below to configuration > system.webServer > httpProtocol > customHeaders in web.config.

   <add name="X-XSS-Protection" value="1" />

4) Make sure you are using HTTPS (TLS) whenever you can.

5) Go to your we...
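A way to check that a deployed web.config actually carries the three customHeaders entries from tips 1 to 3, written as an added example that is not part of the original post. The function name and the sample file are constructed for illustration, and it assumes a single web.config whose add/remove/clear elements are applied in document order, with no settings inherited from parent configuration files.

```python
import xml.etree.ElementTree as ET

# Header names and values taken from the post's three web.config tips.
EXPECTED = {
    "x-frame-options": "sameorigin",
    "x-content-type-options": "nosniff",
    "x-xss-protection": "1",
}
HEADERS_PATH = "system.webServer/httpProtocol/customHeaders"

def audit_web_config(xml_text):
    """Return {header: status}: 'ok', 'missing', or 'unexpected value: ...'."""
    root = ET.fromstring(xml_text)
    effective = {}
    section = root.find(HEADERS_PATH)
    for el in (section if section is not None else []):
        name = el.get("name", "").lower()  # HTTP header names are case-insensitive
        if el.tag == "add":
            effective[name] = el.get("value", "")
        elif el.tag == "remove":
            effective.pop(name, None)      # a later <remove> cancels an earlier <add>
        elif el.tag == "clear":
            effective.clear()
    report = {}
    for name, want in EXPECTED.items():
        got = effective.get(name)
        if got is None:
            report[name] = "missing"
        elif got.strip().lower() == want:
            report[name] = "ok"
        else:
            report[name] = "unexpected value: " + got
    return report

# Constructed sample: one header set as in the post, one mistyped, one absent.
SAMPLE = """<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="X-Frame-Options" value="sameorigin" />
        <add name="X-Content-Type-Options" value="no-sniff" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>"""

if __name__ == "__main__":
    for header, status in audit_web_config(SAMPLE).items():
        print(header, "->", status)
```

A mistyped value such as no-sniff is still sent to the browser but is not honoured, which is why the check compares values and not only header names.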