Looking for library to protect classic ASP application against cross-site request forgery [closed]
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 2 years ago.
Improve this questionCan anyone recommend any out-of-the-box solutions that can protect a "classic" ASP application against cross-site request forgery? I'm looking for suggestions from folks who have actual experience with the product. In particular, pros, cons, and implementation gotchas relating to the product would be very helpful.
The ASP application is 开发者_如何学JAVAlegacy and is slated for decommission, so I'm hoping to find a solution that integrates easily and with a minimum amount of impact to the app.
Have you looked into using IIS level tools like UrlScan 3? We've used this with IIS 6 and classic ASP applications to successfully protect our systems from SQL injection and XSS vunerabilities. Plus it's FREE!
There's lots of helpful custom configuration tutorials if you want to enhance what is checked for. Read this article that covers specifically XSS.
We've also spent alot of time on re-developing our application code itself to protect against things like sql injection and people trying to post malicious scripts via url or form.
However UrlScan has provided a solid base for keeping our sites secure.
You can also look at products provided by Port80 Software.
精彩评论