OWASP ZAP is an excellent (FREE) tool to test your website for common security issues. It has a large library of plugins and what seems to be an active community. Although the tool has an active attack method, I prefer the passive attack method, as you can use the site as you normally would. Although tutorials do exist on how to get started, I personally had difficulty finding them or knowing what I was even looking for when I first started, especially related to passive security scanning. The interface isn't the most "intuitive", so I figured I would write these instructions for anybody encountering the same problems.
I'm currently working through a complete Identity setup without using Entity Framework. This is taking me to difficult places, as the source for this library is yet to be released. It involves lots of reading and guessing. One area of confusion is the Security Stamp.
You can read the description over at Stack Overflow: http://stackoverflow.com/questions/19487322/what-is-asp-net-identitys-iusersecuritystampstoretuser-interface.
This is the best I found, but it still wasn't enough for the full-blown, non-EF version.