Improving Web Application Security: Threats and Countermeasures

ADO.NET exceptions are trapped and logged.

Database connections and other limited resources are released in case of exception or completion of operation.

ASP.NET is configured with a generic error page using the <customErrors> element.