ASP security in HTML pages

• Previous message: Kelly Martin: "SF new article announcement - Securing Apache 2: Step-by-Step"
• Next in thread: Lucas Holt: "Re: ASP security in HTML pages"
• Reply: Lucas Holt: "Re: ASP security in HTML pages"
• Maybe reply: Wolf, Yonah: "RE: ASP security in HTML pages"
• Maybe reply: Scovetta, Michael V: "RE: ASP security in HTML pages"
• Reply: Nasir Ghaznavi: "Re: ASP security in HTML pages"
• Reply: Mike: "Re: ASP security in HTML pages"
• Maybe reply: Bénoni MARTIN: "RE: ASP security in HTML pages"
• Maybe reply: Steve McCullough: "RE: ASP security in HTML pages"
• Maybe reply: Scovetta, Michael V: "RE: ASP security in HTML pages"
• Maybe reply: Calderon, Juan Carlos (GE Commercial Finance, NonGE): "RE: ASP security in HTML pages"
• Maybe reply: Dinis Cruz: "RE: ASP security in HTML pages"
• Maybe reply: Calderon, Juan Carlos (GE Commercial Finance, NonGE): "RE: ASP security in HTML pages"
• Maybe reply: Calderon, Juan Carlos (GE Commercial Finance, NonGE): "RE: ASP security in HTML pages"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 22 Jun 2004 12:42:02 +0100
To: <security-basics@securityfocus.com>, <webappsec@securityfocus.com>

Hi list,

I have been googling around to know how secure can be ASP code, and I found what follows:
- For a newbee, impossible to get the asp scripts inserted in an HTML page as they are not displayed in the client's browser,
- Instead of just letting the ASP code in the HTML pages, we can create some DLLs for example, but a not-to-bad skilled hacker can get and reverse them.

So, my question to you, skilled-people :) is: is there a way to get the asp scripts in a page the server does not send when a client's request arrives? There should be a way to ^perform that, but how tough is it?

Thanks in advance, folks!

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

• Previous message: Kelly Martin: "SF new article announcement - Securing Apache 2: Step-by-Step"
• Next in thread: Lucas Holt: "Re: ASP security in HTML pages"
• Reply: Lucas Holt: "Re: ASP security in HTML pages"
• Maybe reply: Wolf, Yonah: "RE: ASP security in HTML pages"
• Maybe reply: Scovetta, Michael V: "RE: ASP security in HTML pages"
• Reply: Nasir Ghaznavi: "Re: ASP security in HTML pages"
• Reply: Mike: "Re: ASP security in HTML pages"
• Maybe reply: Bénoni MARTIN: "RE: ASP security in HTML pages"
• Maybe reply: Steve McCullough: "RE: ASP security in HTML pages"
• Maybe reply: Scovetta, Michael V: "RE: ASP security in HTML pages"
• Maybe reply: Calderon, Juan Carlos (GE Commercial Finance, NonGE): "RE: ASP security in HTML pages"
• Maybe reply: Dinis Cruz: "RE: ASP security in HTML pages"
• Maybe reply: Calderon, Juan Carlos (GE Commercial Finance, NonGE): "RE: ASP security in HTML pages"
• Maybe reply: Calderon, Juan Carlos (GE Commercial Finance, NonGE): "RE: ASP security in HTML pages"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]