An article I recently wrote has just been published on MSDN. It covers the basic principles of securing application pages, and why they are often at risk; as well as providing code samples on how to properly secure your application pages, including:

  • How and when to validate page requests
  • How to verify Base Permissions
  • How to verify Role Definitions
  • How to verify Group Memberships

Check it out at: Securing Application Pages in Windows SharePoint Services 3.0 (