I am working on my first ASP.NET MVC project that will ultimately end up on a publicly accessible web server (I have worked on some internal apps in MVC). What techniques and practices should I be thinking about (specific to MVC or otherwise) to improve security?
Off the top of my head, obviously there is the AcceptVerb attribute for actions and validation. What else?
The Windows Live team has written a white-paper describing lessons learned using ASP.NET MVC on certain Windows Live properties. They do a lot of security analysis and present their security tips here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=7606f801-70c5-49ca-a18c-91d4ed725833&displaylang=en