Looking for library to protect classic ASP application against cross-site request forgery
Question
Can anyone recommend any out-of-the-box solutions that can protect a "classic" ASP application against cross-site request forgery? I'm looking for suggestions from folks who have actual experience with the product. In particular, pros, cons, and implementation gotchas relating to the product would be very helpful.
The ASP application is legacy and is slated for decommission, so I'm hoping to find a solution that integrates easily and with a minimum amount of impact to the app.
1 answers
solution1
1 ACCPTED 2011-05-13 09:32:16
Have you looked into using IIS level tools like UrlScan 3 ? We've used this with IIS 6 and classic ASP applications to successfully protect our systems from SQL injection and XSS vunerabilities. Plus it's FREE!
There's lots of helpful custom configuration tutorials if you want to enhance what is checked for. Read this article that covers specifically XSS.
We've also spent alot of time on re-developing our application code itself to protect against things like sql injection and people trying to post malicious scripts via url or form.
However UrlScan has provided a solid base for keeping our sites secure.
You can also look at products provided by Port80 Software .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.