Quote:
I need rules of security code does some of you have it?
Rules of security codes does not exist by themselves because secure code does not exist by itself.
Security exist only against a threat and the way to secure a piece of code depend on the threat.
The simple fact of using C# instead of C or C++ is already an action to make code secure against memory leaks.
SQL injection is another threat, and solution is different.
Using unit testing is a security action.
threats are endless.
[Update]
C# and .net are safe against programmer mistakes like memory management and leaks.
I guess your main treat is user mistakes: the solution is usually to check every user inputs against constraints like alpha, number or empty.
If you use an SQL database, protect it against 'SQL Injection'