Security Requirements for ASP.NET Apps

I ask myself what steps I have to take to make an ASP app secure. In my scenario I have a (company) intranet, which gives a certain security against all attacks from outside, right?

But what else has to be done? I'm using the Web Site Administration Tool to provide ASP membership-based login. So users get a name and password and are divided into groups.

I have no HTTPS configuration. People enter the site over the server-domain (so something like:


Is this the proper way to do so, or am I missing some important steps?

