Programmer's Ultimate Security DeskRef

Prototype: Application.Lock
Summary: This method is used to prevent the modification of variables stored in the application object.
Description: The Lock method is used to prevent all clients, excluding the current client, from accessing and manipulating variables stored in the application object. All variables will remain locked until the corresponding "Unlock" method is called or the session is terminated.
Risk: The application.lock method is designed to create file/object locks to system variables. Uncontrolled access to this method creates the ability to lock and unlock resources that may be in use by other processes. This results in corrupted data or denied access to necessary resources.
Additional Resources: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cdo/html/_denali_newmail_object_cdonts_library_.asp
Impact: Low
Prototype: ASPError.ASPCode()
Summary: This method is used to return an IIS generated error code.
Description: The aspcode method returns an IIS generated error code as a string.
Risk: Error codes thrown by the application should be handled within the application and not propagated to the end user. Malicious users can use error codes reference codes to gain additional error descriptions. It is critical to contain and prevent end-user access since error information can result in the disclosure of vital system information including: system configuration, application configuration, memory references, etc.
Additional Resources: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cdo/html/_denali_newmail_object_cdonts_library_.asp
Impact: Low
Prototype: ASPError.ASPDescription()
Summary: This method is used to return a description of the error.
Description: The aspdescription method returns a full detailed description of the error generated, if available. This description is returned as a string.