Without much fanfare here it is: I depend on the Windows NT operating system to handle security features in my ASP solutions. I have no trouble creating a single point failure: the operating system itself. When something goes wrong in terms of security both Microsoft and myself can share the blame!

The IIS user IUSR_<Machine Name> and the NTFS file system are the starting points in the quest for tight ASP security. Fore more details we have:

Implementing a Secure Site with ASP
http://msdn.microsoft.com/library/backgrnd/html/msdn_implement.htm

IIS: Authentication & Security Features
http://support.microsoft.com/support/kb/articles/Q142/8/68.ASP

When ASP pages connect to a SQL database, I avoid storing passwords in the ASP files by depending on ADO to connect via NT security. This implies that IUSR_<Machine Name> has the ability to connect to SQL server. This idea is based on reading the following:

Microsoft SQL Server 7.0 Security
http://msdn.microsoft.com/library/techart/sql7security.htm

HOWTO: Connect to the Microsoft SQL Server Through the Use of Named Pipes 
http://support.microsoft.com/support/kb/articles/Q159/9/76.ASP

INF: Authentication Methods for Connections to SQL Server in Active Server Pages
http://support.microsoft.com/support/kb/articles/Q247/9/31.ASP

If I run into any problems while implementing security features, I should refer the following:

Users Cannot Access FTP or Web Site 
http://support.microsoft.com/support/kb/articles/Q185/3/77.ASP

List of NTFS Permissions Required for IIS Site to Work 
http://support.microsoft.com/support/kb/articles/Q187/5/06.ASP

Default NTFS Permissions in Windows NT
http://support.microsoft.com/support/kb/articles/Q148/4/37.asp

Cannot Create Object Error when Browsing ASP Pages 
http://support.microsoft.com/support/kb/articles/Q201/7/40.ASP

Using The Auditing Tool to Solve Authenticationess Issues
http://www.15seconds.com/howto/pg003230.htm