Hello all,

I implemented a website where I take care of SQL injection attacks and cross scripting attacks. Now, what security care should be taken other than cross scripting attacks and SQL injection attacks?

I searched on Google but did not find anything other than the above two. Please guide me on which care I should take to make it more secure. This is my first website, and I am not aware of the various types of hacking tricks.

Please provide some links to study as well.

Thank you.

Updated 4-May-16 14:45pm

1 solution

The answer is simple: a lot more.

What happens if someone eavesdrops on the authentication procedure? An even more sensitive moment: what happens if someone eavesdrops on the creation of a password for the first time? On the reset of a forgotten password and the procedure of passing a new (temporary) password to the user?

What happens during server-side handling of the data from the "contact us" page? If a malicious artist knows that a mail message is involved in further processing, malicious mail headers can be injected into the HTTP request in no time at all — do you sanitize the data before sending the mail?

I mentioned only a few items which came to my mind immediately, based on some experience with some of the most basic mistakes Web developers make in real life. There are a lot more concerns, and none of them is less important.

So, the essence of my answer is: you cannot hope that one of our experts would write a whole book on Web security on your order.

You can start here, but it won't be enough: Internet security — Wikipedia, the free encyclopedia.

This is only to give you some basic ideas on what is involved. If you have some sensitive information involved in your site, you have to get a whole big part of education on the topic; and still I cannot be sure it would be enough. For example, some of the CodeProject experts used to advise: never ever develop anything related to paying real money; one person just cannot learn enough Internet security and develop such a reliable application which people could really rely on, when it comes to money. Security is serious business™. :-)

Sorry for not answering your question in full, I believe it would not be possible.

—SA
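
The answer's question about sanitizing "contact us" data before it is mailed, as an added example that is not part of the original answer: a Python sketch that rejects control characters (CR/LF included) in every single-line field and keeps the free text in the message body. The page does not state the site's language; the addresses and function names below are hypothetical.

```python
import re
from email.message import EmailMessage

# Hypothetical site addresses for this sketch (constructed values).
SITE_SENDER = "webform@example.com"
SITE_INBOX = "support@example.com"

# Conservative address shape: exactly one mailbox, no list or display-name syntax.
_ADDRESS = re.compile(r'[^@\s<>,;:"]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}')
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


class RejectedInput(ValueError):
    """Raised when a form field could alter the structure of the message."""


def single_line(field, value, max_len=200):
    """Return the stripped value if it is one short line without control chars."""
    value = value.strip()
    if not value or len(value) > max_len:
        raise RejectedInput(f"{field}: empty or too long")
    # CR or LF ends a header line; whatever follows would become a new header.
    if _CONTROL.search(value):
        raise RejectedInput(f"{field}: control character in single-line field")
    return value


def build_contact_mail(name, reply_to, subject, body):
    """Build the outgoing message from untrusted contact-form fields."""
    reply_to = single_line("email", reply_to)
    if not _ADDRESS.fullmatch(reply_to):
        raise RejectedInput("email: not a single plain address")
    msg = EmailMessage()
    # Sender and recipient are fixed by the site, never taken from the request.
    msg["From"] = SITE_SENDER
    msg["To"] = SITE_INBOX
    msg["Reply-To"] = reply_to
    msg["Subject"] = "[contact form] " + single_line("subject", subject)
    # The visitor's name and free text go only into the body, never a header.
    msg.set_content(f"From: {single_line('name', name)}\n\n{body}")
    return msg
```

Text that looks like a header inside `body` stays harmless because it is only ever body content; the same fields are rejected when they arrive in the subject, name or address.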
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


