Hi guys, recently there was an issue with a friend's business website. His site was hosted on the web using:

The developers had the following setup:
a VM of Windows Server 2008
and just an installation of XAMPP from 2015.
Needless to say, the site was compromised.

Once I saw the PHP code, HTML and everything (even though I won't say I am a pro, I realized it's mostly copy-paste, with bad editing), I knew that the next web project has to be done properly.

So I would like to ask for your recommendations, or for you to point me in the right direction to ask the same question if possible.

The site needs to be on Microsoft tech:
Windows Server 2016, .NET, MySQL Server

What would your tech stack be, and how would you go about it?

Site requirements are:

Display information,
accept documents, store user information; security should be high.

Please ask me any questions, and thank you for your help and time.