Monday, October 8, 2012
Security design consideration for web application
The security problems with a web application:
- A web application is easy to attack as soon as someone knows the URL, so the security controls must be implemented in the web application itself rather than relying on the URL being unknown.
- When the table's primary key is an integer, the next record's key is easy to guess. For example, "http://myWeb.com/customer.aspx?cust_id=123" is followed by "http://myWeb.com/customer.aspx?cust_id=124".
- Session ID: you may rely on the ASP.NET session ID or handle it yourself.
- Deleting a record with a JavaScript confirmation and then firing an AJAX call to the delete action URL: is this secure? Does the delete action page implement sufficient controls of its own?
- A folder with read and write permission for user file uploads: without limiting the file types the web application accepts, your website has a security hole that can be exploited.
- The audit log should include the browser type, URL referrer and the user's IP address. Without this information, it is impossible to track who accessed which feature or data.
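As an added example (not code from the original post), the delete action from the AJAX bullet written as a server-side ASP.NET handler: it rejects non-POST and unauthenticated requests, validates and authorizes the guessable integer cust_id, and writes the audit fields the post lists. ICustomerRepository and the constructor wiring are assumptions; the application supplies its own data layer.

```csharp
using System;
using System.Web;

// Hypothetical data-access interface; the real application supplies its own.
public interface ICustomerRepository
{
    bool UserOwnsCustomer(string userName, int custId);
    void Delete(int custId);
}

public class DeleteCustomerHandler : IHttpHandler
{
    private readonly ICustomerRepository repo;
    public DeleteCustomerHandler(ICustomerRepository repo) { this.repo = repo; }
    public bool IsReusable { get { return false; } }

    public void ProcessRequest(HttpContext context)
    {
        HttpRequest request = context.Request;
        HttpResponse response = context.Response;
        // Only accept POST: a delete reachable by GET is one guessed URL away.
        if (!string.Equals(request.HttpMethod, "POST", StringComparison.OrdinalIgnoreCase))
        { response.StatusCode = 405; return; }
        // The server-side session, not the JavaScript confirm, decides who is calling.
        if (!request.IsAuthenticated) { response.StatusCode = 401; return; }
        string user = context.User.Identity.Name;
        // Validate the integer key before touching the database.
        int custId;
        if (!int.TryParse(request.Form["cust_id"], out custId) || custId <= 0)
        { response.StatusCode = 400; return; }
        // Sequential ids are guessable, so authorize the record, not just the user.
        if (!repo.UserOwnsCustomer(user, custId))
        { WriteAudit(request, user, custId, "DENIED"); response.StatusCode = 403; return; }
        repo.Delete(custId);
        WriteAudit(request, user, custId, "OK");
        response.StatusCode = 204;
    }

    // Audit entry with the fields the post asks for: client IP, browser type, referrer.
    private static void WriteAudit(HttpRequest request, string user, int custId, string outcome)
    {
        string referrer = request.UrlReferrer == null ? "" : request.UrlReferrer.ToString();
        System.Diagnostics.Trace.WriteLine(string.Format("{0:u}|{1}|DeleteCustomer|{2}|{3}|{4}|{5}|{6}",
            DateTime.UtcNow, user, custId, outcome,
            request.UserHostAddress, request.UserAgent ?? "", referrer));
    }
}
```

Behind a reverse proxy or load balancer, UserHostAddress is the proxy's address, so the audit log only identifies the real client if the proxy forwards the original IP in a header the application trusts.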
Labels: ASP.NET, C#, Class, Database, Enhancement, Security Design, System Design, System Development