hello everybody,
I am working on .net application (asp.net and vb.net and sql server as backend). How can I provide security to my web application ?
Please anybody tell me about it?

Thank you,

what is your exact concern? btw, IIS does not allow external users to access your web.config file.

With asp.net, it is very secure. Another step you can take to make it more secure is to create ASPX holder pages with all includes of ASCX. That way no one, ever, can read your ascx page. You can also encrypt all data sent and then decrypt when you receive it. A step that isn't usually followed, but can be done. ASP.NET is a very secure language. Everything read on your server is spit out as html, so therefore no one ever see's your asp.net coding, the backend, etc.