1. Turn on the healthy paranoia mode and forget the bare tftp / ftp
3. Save the current config, copy it to the computer.
Preparing a config file. Drive commands into it, as if you were in the console and configure the piece of iron in config-mode. That is, if you want to change the ip on the interface, write:
int gig1/0/1
no ip add
ip add 1.1.1.1 255.255.255.252
if you want to change the route:
no ip route
ip route $something
I think you understand. The main thing is to anticipate how the ASA will react to commands and remember to take this into account in the file.
2. ASA must support scp. Here is a guide on how to set up and upload the config file
3. In case of an error and loss of access, we plan to reboot in 10 minutes:
# reload in 10
4. Just activate the changes:
#(config) copy flash:changes.txt running-config
5. Check the result. If unsuccessful, the ASA will reboot on the old startup-config and it will be possible to correct the errors and repeat the procedure.
If, for some reason, scp does not work, you can copy the change file via tftp via easyVPN (which will need to be raised between the workstation and the ASA), but that's another story

As an option, merge the config via tftp, change it and upload the changed back. If everything is OK, do wr.