What security considerations are in the software part and what are in server configuration [closed]
I'm an ASP.NET programmer. I want to know what security considerations are in the software part and what are in server configuration to prevent hacking.
For example, I know that preventing SQL injection is the software part, but preventing defacement of a site is in the server part.
What security risks must I consider in coding?
For beginners:
- XSS => always HTML encode anything that comes from the user
- SQL Injection => always use parametrized queries
- Mass assignment => always always use view models
- CSRF => use anti forgery tokens
... this list continues on the Developer Highway Code (probably the most comprehensive guide ...).
As far as the server configuration part is concerned, don't hesitate to ask your question on http://serverfault.com, where you will get answers from people specializing in this area of expertise.
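The mass assignment and XSS items from the list above, as an added example that is not part of the original answer: a C# console sketch in which `Bind` is a hypothetical, simplified stand-in for ASP.NET model binding, and the `User` and `EditProfileViewModel` classes and the posted form values are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

// Constructed domain entity: IsAdmin must never be settable from a request.
public class User
{
    public string DisplayName { get; set; }
    public string Email { get; set; }
    public bool IsAdmin { get; set; }
}

// View model: lists only the fields the edit form is allowed to change.
public class EditProfileViewModel
{
    public string DisplayName { get; set; }
    public string Email { get; set; }
}

public static class Demo
{
    // Hypothetical, simplified stand-in for a model binder: copies every posted
    // key that matches a writable property name onto a new target object.
    public static T Bind<T>(IDictionary<string, string> form) where T : new()
    {
        var target = new T();
        foreach (var prop in typeof(T).GetProperties())
        {
            string raw;
            if (prop.CanWrite && form.TryGetValue(prop.Name, out raw))
                prop.SetValue(target, Convert.ChangeType(raw, prop.PropertyType), null);
        }
        return target;
    }

    public static void Main()
    {
        // Constructed form post carrying a field the edit form never rendered.
        var form = new Dictionary<string, string> {
            { "DisplayName", "<b>Bob</b>" }, { "Email", "bob@example.test" }, { "IsAdmin", "true" } };
        var bound = Bind<User>(form);               // binding straight to the entity
        Console.WriteLine("Entity bound directly, IsAdmin = " + bound.IsAdmin);
        var vm = Bind<EditProfileViewModel>(form);  // view model has no IsAdmin to bind
        var user = new User { DisplayName = vm.DisplayName, Email = vm.Email };
        Console.WriteLine("Mapped from view model, IsAdmin = " + user.IsAdmin);
        // HTML-encode user input at output time so the markup is shown as text.
        Console.WriteLine(WebUtility.HtmlEncode(user.DisplayName));
    }
}
```

The extra `IsAdmin` field reaches the entity only when the entity itself is the binding target; the view model gives the binder nothing to write it to.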
Check out the OWASP Top 10 for 2010 for a concise overview of common security vulnerabilities and steps to mitigate them. As others have said, this is a broad and complex topic, but the top 10 can point you to the concepts that you need to master.