Techniques to Secure Classic ASP App


Concerning a classic ASP web application, what are some things I can do to improve security?  I am looking for techniques I can use at the APPLICATION level (not server techniques).  In this case I am locked into using CLASSIC ASP.

Things I have done:
* Using SSL for all pages.
* Application password protected.  If more than three attempts user redirected to another site.  All pages test if there is a valid login.
* For form processing pages test if form page source came from IIS server.
* Encrypt any files stored on IIS server that the application uses.

Thanks for your advice,


Also make sure you are protected against SQL injection attacks.

Here's a good article about protecting yourself from SQL Injection attacks:

Loganathan Natarajan (LAMP Developer) commented:
One more:
Proper input validation with all browser optimization to be done; if you have done any validation, it can be verified with all the browsers. For important forms, server-side validation can be done for the inputs.
Along similar lines to norush's answer, as an extra fall-through, download and occasionally run the free injection scanner from here (which is classic asp) -
(and have a look at its resources section; lots of other useful injection/xss notes there)

That way, if there are any gaps in your logic which get exploited, you should be able to spot any affected data at the push of a button.
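
As an added example (not taken from any of the posts above or from the linked resources), this is what the SQL injection and server-side validation advice looks like in a classic ASP page: an allow-list check on the form field, then a parameterized ADODB.Command instead of a concatenated query string. The `Users` table, its columns, the `username` form field and the `Application("ConnString")` entry are assumptions made for illustration.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit

' ADO constants (normally pulled in from adovbs.inc), defined here so the page stands alone
Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200

' Server-side allow-list: 1 to 32 characters of letters, digits, dot, underscore, hyphen
Function IsValidUserName(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._-]{1,32}$"
    IsValidUserName = re.Test(s)
End Function

Dim userName, conn, cmd, rs
userName = Trim(Request.Form("username") & "")   ' hypothetical form field

' Reject bad input before it gets anywhere near the database
If Not IsValidUserName(userName) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid user name."
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")   ' assumed: connection string set in global.asa

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The ? placeholder keeps the value out of the SQL text; it is sent as data only
cmd.CommandText = "SELECT UserId, DisplayName FROM Users WHERE UserName = ?"   ' hypothetical table
cmd.Parameters.Append cmd.CreateParameter("@userName", adVarChar, adParamInput, 32, userName)

Set rs = cmd.Execute
If rs.EOF Then
    Response.Write "No such user."
Else
    ' HTML-encode on output so stored values cannot inject markup or script
    Response.Write "Hello, " & Server.HTMLEncode(rs("DisplayName") & "")
End If

rs.Close : conn.Close
Set rs = Nothing : Set cmd = Nothing : Set conn = Nothing
%>
```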