A couple of years back, I met J.D. Meier at a developer lab in Redmond. We talked about some things that I was researching on page frameworks, and I was instantly amazed at his knowledge. He is one of the masterminds behind Building Secure ASP.NET Applications, which I consider the best resource on security for .NET. Yes, it is intended for ASP.NET, but it touches so many topics and is organized very well. If you have not checked out the book (I mean that literally), I heavily encourage you to read this. It is worth more than any book that I acquired on the topic of ASP.NET development.
The reference material even has a section of How To’s that include the code to do all of the Best Practice implementations that are shown throughout the document. Again, it is something that no .NET developer should be without.
You might be saying “But it’s an ASP.NET document!” and you’re right. However, there are so many topics that affect more than that web UI covered that this is a MUST read. And since we just got out of DevDays, consider this list of topics from DevDays that this book covered over a year ago: DPAPI, securing the passwords in the database, storing secrets, storing connection strings securely, issues with credentials transmitted over the wire, etc.
