I have a web service running. I've disabled directory browsing on each folder. What else can I do from IIS7 to secure my application from potential scanning and hacking?
Thats really an open ended question that cannot be answered. For one thing we do not know how your application functions, how it is designed, and how it is coded. Generally speaking the server itself is fairly secure. From what I've seen, the majority cause of the exploit is within the web application and the users computer. I say the web application because often times the owner of the site does not put the proper text filtering rules to protect itself against SQL Injection attacks or does not stay up to date with the latest security patches for their web application. The second source is the owners computer. Because most personal computers are not protected with an extensive firewall or an Intrusion Detection/Prevention system (unlike hosting servers) they contract a virus or a worm where it logs their accounts login and password. From there, the creator of the worm/virus can log into the persons control panel and FTP site and upload scripts to the web pages that are harmful and damaging.
