I currently have an asp.net application that is secured using asp membership authentication. I really need this to be as secure as possible so I'm wondering if anyone out there has any tips.
I'm using Http attributes for authorize, using roles. Some of my pages do ajax calls which return json. Is there any best practice to avoid being hacked and is there any known vulnerabilities and best practice that I have to consider??