Classic ASP Security Project

Revision as of 18:54, 12 June 2008 by Jcmax (talk | contribs) (Status Update)

Jump to: navigation, search


Classic ASP 2.0 and 3.0 applications are still largely used as this technology is more than 10 years old and was largely used. there are thousands of sites on the wild that need guidance on the security arena. This is where OWASP can come up and provide help for “making the Web a better place” and continue spreading the word on security. I have always be a passionate of the technology (regardless of its inconveniences such as being old and DLL-hell prone) and I am really exited on the idea of sharing my knowledge of this area to the world and what best that though OWASP.


Create a secure framework for Classic ASP application by complementing existing OWASP projects with documentation for this particular technology and the creation of security libraries.

Deliverables and Progress

  • Creation of a Common Object Repository for ASP applications based on OWASP ESAPI Project including objects and/or references to libraries for security applications all this aligned with OWASP Top10 and OWASP Guide.
In Progress
  • Create Documentation aligned to OWASP Code Review Project Checklist providing additional technology-specific checks
Done - Jun 8, 2008
  • Addition of expression for Code Review Tool to support Classic ASP applications
Done - Jun 12, 2008
  • Implementation of Version 1 of Stinger for ASP either by using an installable COM library or ISAPI.
Not Started
  • This same module will compliment the OWASP Validation Documentation Project.
Not Started