Security checklist - designing a website

This is a design checklist – facts you should consider before you begin developing your website.

Security requirements

 I know how critical the website's safety will be (whether it is a blog, corporate website, e-shop, bank application, etc.).
 I know if my website will need any special certificates (PCI, Safe Harbor, etc.).
 I know which special requirements will be imposed on the website (custom authentication, premium sections, various types of administrators, etc.).
 I have an idea about the number of users accessing the system, which roles the users will be grouped under, which sections of the website will be accessible only to authenticated users, and so on.
 I know how large the scope of planned custom development will be.
 I know whether security issues will be addressed during the development phase (possibly with threat modeling) or after the website has been implemented.


 I know what environment I will deploy my website to (private server, web hosting or cloud).
 I know the security restrictions of the live environment.
 I know what settings I will have access to in the live environment (which IIS settings).


 I have mapped my security requirements to the Kentico system (for example, if you want to apply a password policy, you know that Kentico ensures this and whether the solution suits you).
 I am familiar with all Kentico system protections and I know how to utilize them.
 I know which applications and services my website will need and which I can uninstall or disable.
 I know how to use the Kentico API securely.
 I have designed all custom authorization and authentication protections and I know how to implement them in Kentico.