ASP Scan rules
Contrast Scan supports these rules for ASP.
Severity | Contrast rule | Engine rule ID | Description |
|---|---|---|---|
Critical | ASP Avoid Page Transfer | OPT.ASP.ASP_FMT.ASP_AvoidPageTransfer | ASP_AvoidPageTransfer: Avoid redirections between ASP pages |
Critical | ASP Naming Convention | OPT.ASP.ASP_NAM.ASP_NamingConvention | ASP_NamingConvention: Identifier names (variables, constants, procedures) in ASP must follow naming standard |
Critical | ASP Page Name | OPT.ASP.ASP_NAM.ASP_PageName | ASP_PageName: ASP page names must follow a naming standard |
Critical | ASP SQL Injection | OPT.ASP.ASP_SEC.ASP_SqlInjection | ASP_SqlInjection: Checks for SQL injection vulnerabilities |
High | ASP Avoid Document Write | OPT.ASP.ASP_FMT.ASP_AvoidDocumentWrite | ASP_AvoidDocumentWrite: Insertion of HTML code from ASP file including document.write commands |
High | ASP No Java Script | OPT.ASP.ASP_FMT.ASP_NoJavaScript | ASP_NoJavaScript: Do not include directly JavaScript functions in ASP pages |
High | ASP Use Option Explicit | OPT.ASP.ASP_FMT.ASP_UseOptionExplicit | ASP_UseOptionExplicit: Option Explicit must be used in every ASP page |
High | ASP Use Stored Procedures | OPT.ASP.ASP_UseStoredProcedures | ASP_UseStoredProcedures: ASP pages must perform database operations using stored procedures |
Info | Use Header Comment | OPT.ASP.ASP_DOC.UseHeaderComment | UseHeaderComment: A proper comment must be placed at the top of every ASP page |
Info | ASP No Use HTML Comments | OPT.ASP.ASP_FMT.ASP_NoUseHTMLComments | ASP_NoUseHTMLComments: Do not use HTML comments |
Low | ASP Avoid Styles | OPT.ASP.ASP_FMT.ASP_AvoidStyles | ASP_AvoidStyles: Do not encode style information in HTML code in ASP pages |
Medium | Avoid Data Base Access | OPT.ASP.ASP_DB.AvoidDataBaseAccess | AvoidDataBaseAccess: Avoid database access from ASP pages |
Medium | ASP Avoid Duplicate Files | OPT.ASP.ASP_FMT.ASP_AvoidDuplicateFiles | ASP_AvoidDuplicateFiles: Duplicated ASP pages in different places |
Medium | ASP Avoid Empty Pages | OPT.ASP.ASP_FMT.ASP_AvoidEmptyPages | ASP_AvoidEmptyPages: Do not add empty ASP pages to the site |
Medium | ASP Iframes Without Src | OPT.ASP.ASP_FMT.ASP_IframesWithoutSrc | ASP_IframesWithoutSrc: No dejar el elemento iframes sin atributo src |
Medium | ASP No Commented Java Script | OPT.ASP.ASP_FMT.ASP_NoCommentedJavaScript | ASP_NoCommentedJavaScript: Do not leave commented JavaScript code in ASP page |