ASPX is the standard file extension for an ASP.NET web page. On Microsoft IIS, requests for an .aspx file are routed through the ASP.NET runtime, where server-side code can generate dynamic content before the response is sent to the browser. In normal applications, that means login forms, dashboards, and other interactive web features.
In cyber security, ASPX matters because attackers can abuse it as a web shell or hidden handler. A malicious .aspx file can look like routine application code while accepting HTTP requests and executing commands on the server. Defenders should treat unexpected ASPX files, new handler mappings, or changes in web directories as suspicious. Monitoring IIS logs, restricting write access, and validating deployed code help catch this abuse early.