Classic ASP Design Mistakes: OWASP & The Open Web Application Security Project

Who the hell still codes in old school ASP?

I still see classic ASP used for rapid prototyping and I work for a large org that had lots of old code all over the place so it is not uncommon to come across it as a professional software developer.

I get to work on and support a lot of stuff in my day job. C# MVC applications, Data Warehouses, Saleforce.com, Cloud Stuff, Legacy Code and how to tie all these things together.

ASP may be an old technology but I would suggest there a lot of reasons to use it including teaching computing programming and web development, prototyping and inexpensive solutions for businesses.

You can run it on your Windows 7 and later PCs and runs on every new Microsoft server I’ve encountered and it won’t cost your company a dime, it is already built-in.

Some others Devs scoff at using Classic ASP but it really does have quite a lot to offer and it does all of it with just 7 objects. The simplicity is its power, you can still do a lot of “bread and butter” web functionality including AJAX calls with classic ASP.

I’m not here to debate whether developing in Classic ASP is either good or bad but I’ll say in my defense, you have to pick a tech stack and stick to it long-term to get traction on a big project like my side gig, https://www.finditclassifieds.com which I’ve been working on in my spare time for 21 years now.

I really felt the need to pick a technology or two or three and just get really good at those and make a bet on which technologies would be in production the longest so I would not be slowed by having to learn new languages, frameworks, databases and operating systems all the time.

So far I’ve guessed right.  Over the years I’ve added PHP, Python and some others but form more of back end processing stuff.  ASP is always sitting on top with web services under the hood written in any language.

If you’re still coding in ASP or you would like to learn.

Check out the tutorials on the W3Schools website.

https://www.w3schools.com/Asp/

Also make sure you’re coding your Classic ASP as securely as possible.

The OWASP site was very helpful with their documentation on ASP coding errors to watch out for and brought some potential security issues to my attention and am better for it.

Make sure to learn about the Open Web Application Security Project and check out their references on the most common ASP designs that affect security.

https://www.owasp.org/index.php/Classic_ASP_Design_Mistakes

Author: Rick Cable / AKA Cyber Abyss

A 16 year US Navy Veteran with 25+ years experience in various IT Roles in the US Navy, Startups and Healthcare. Founder of FinditClassifieds.com in 1997 to present and co-founder of Sports Card Collector Software startup, LK2 Software 1999-2002. For last 7 years working as a full-stack developer supporting multiple agile teams and products in a large healthcare organization. Part-time Cyber Researcher, Aspiring Hacker, Lock Picker and OSINT enthusiast.