Techniques to Secure Classic ASP App

Posted on 2008-11-10
Last Modified: 2012-05-05

Concerning a classic ASP web application, what are some things I can do to improve security?  I am looking for techniques I can use at the APPLICATION level (not server techniques).  In this case I am locked into using CLASSIC ASP.

Things I have done:
* Using SSL for all pages.
* Application password protected.  If more than three attempts user redirected to another site.  All pages test if there is a valid login.
* For form processing pages test if form page source came from IIS server.
* Encrypt any files stored on IIS server that the application uses.

Thanks for your advice,

Question by:michael4606
    LVL 7

    Accepted Solution

    Also make sure you are protected against sql injection attacks.

    Here's a good article about protecting yourself from SQL Injection attacks:
    LVL 36

    Assisted Solution

    by:Loganathan Natarajan
    one more,
    Proper Input Validation with all browser optimization to be done, if you have done any validation , can be verified with all the browsers .... for important forms, server side validation can be done for the inputs
    LVL 2

    Assisted Solution

    Along similar lines to norush's answer, as an extra fall-through, download and occasionally run the free injection scanner from here (which is classic asp) -
    (and have a look at its resources section; lots of other useful injection/xss notes there)

    That way if there are any gaps in your logic which get exploited you should be able to spot any effected data at the push of a button.

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Join & Write a Comment

    This demonstration started out as a follow up to some recently posted questions on the subject of logging in: and…
    International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
    The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…
    The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now