Learning website security (specifically on IIS7)

Question

I have never had to deal with the security aspects of a website before but would like to learn how to run a secure website on my own server (IIS7).

What elements of security do I need to learn? Are there good online resources?

• client side
• IIS
• Server / Firewall
• Asp.Net

Note: I'm thinking of security meaning safe and secure, not related to authorization, etc. on the actual website.

Answer 1

Security in IIS is a huge topic and it really depends on your application and what it needs. Check this out to help you get started:

• http://www.microsoft.com/technet/security/prodtech/IIS.mspx

Answer 2

You can find some articles about security features of IIS7 on this page: http://www.iis.net/getstarted.

For tutorials about ASP.NET security, have a look at this page: http://www.asp.net/learn/