Need to know about the vulnerabilities of asp website

[KennedII]

How better to guard against hackers, I have to mention the personal opinions! First, the free program does not have a use for free, since you can share the original code, then the attacker can be analyzed the same code. If the details are wary, so your site's security is greatly increased. So even if there is SQL Injection vulnerability, an attacker can not immediately win your site. There are number of vulnerabilities like these and I want to know more about these kinds of vulnerabilities and if possible please also mention solution for that.

[Jackson2]

The user name and password, hackers are often most interested in things, if in some way to see the source code, the consequences are serious.
The possible solution for this problem is mentioned below. Involving the user name and password procedure is best encapsulated in the server side, to minimize the file appears in the ASP involved with the database connection user name and password should be given minimal privileges. Multiple occurrences of the user name and password can be written in a more hidden location that contains files. If it involves with the database connection, in an ideal state, only to give it permission to execute a stored procedure, do not directly give the user modify, insert, delete records of permissions.

[Techno01]

We need a proven ASP program mostly in the page head, plus an execution, but that was not enough, there may be a hacker to bypass authentication directly.
To avoid this problem the need for a proven ASP pages, can be tracked on a page file name, only the side switch to come in from the previous session to read this page.

[Trio]

When there is production of ASP's home page and do not be completed before the final debugging and can be appended in certain search engines for the search object mobility. If this is the time people using search engines to find these pages, will be the positioning of the relevant documents, and can view in your browser to the database location and details of the structure, and thus reveal the complete source code.
Web programmer should it conduct a thorough pre-release debugging; security expert will need to reinforce ASP file so that external users cannot see them. Inc contents of the file is encrypted, and then you can use. Asp files instead of. Inc files so that users can not view the file directly from the browser's source code. Inc file names do not use the system default or have special meaning easy to guess the name of the user to make use of non-rules of English letters.

[deveritt]

In some editing tools in the ASP program, when you create or modify an ASP file, the editor automatically creates a backup file, for example: Ultra Edit will back up one. Bak files, if you create or modify a some.asp, the editor will automatically generate a file called some.asp.bak, if you do not delete the bak file, an attacker can download some.asp.bak files, such some.asp source code will be downloaded.
To avoid this Upload program prior to double-check, delete unnecessary documents. With BAK as the suffix for the file to be especially careful.

[Techguru01]

Input box is a hacker used an objective, they can by entering a scripting language such as damage caused to the user client; if the input box related to data query, they will use a special query and get more database data, and even the table all. Must therefore be to filter the input box. However, if only in order to improve the efficiency of the legitimacy of the client for input checking, there is still likely to be bypassed.
In dealing with a similar message board, BBS, etc. into the box ASP program, the best screen out HTML, JavaScript, VBScript statements, such as no special requirements, you can limit the number allowed to enter letters and numbers, masked special characters. The same time, restrict the length of input character. And not only the legitimacy of the client for input checking, while the server-side program, similar checks.