Concerning a classic ASP web application, what are some things I can do to improve security? I am looking for techniques I can use at the APPLICATION level (not server techniques). In this case I am locked into using CLASSIC ASP.
Things I have done:
* Using SSL for all pages.
* Application password protected. If more than three attempts user redirected to another site. All pages test if there is a valid login.
* For form processing pages test if form page source came from IIS server.
* Encrypt any files stored on IIS server that the application uses.
Thanks for your advice,