Ask HN: How to Secure My .NET Application Against Common Threats?

Microsoft has a site dedicated to the Security Development Lifecycle: https://www.microsoft.com/en-us/securityengineering/sdl, which is a good starting point. You might want to look at the whole process, including doing a threat assessment. e.g. Concerns differ based on the technology you're developing with, such as cloud, desktop, mobile, or web. Essentially, it's a process of identifying what you need to pay attention to and weighing risk/cost benefits. There's a ton of information available and focusing on your specific situation will help narrow the surface area you need to care about.