Abstract:

Debugging messages help attackers learn about the system and plan a form of attack.

Explanation:

ASP .NET applications can be configured to produce debug binaries. These binaries give detailed debugging messages and

should not be used in production environments. The debug attribute of the <compilation> tag defines whether compiled binaries

should include debugging information.

The use of debug binaries causes an application to provide as much information about itself as possible to the user. Debug

binaries are meant to be used in a development or testing environment and can pose a security risk if they are deployed to

production. Attackers can leverage the additional information they gain from debugging output to mount attacks targeted on the

framework, database, or other resources used by the application.

Recommendations:

Always compile production binaries without debug enabled. This can be accomplished by setting the debug attribute to false on

the <compilation> tag in your application's configuration file, as follows:

<configuration>

<compilation debug="false">

...

</compilation>

...

</configuration>

Setting the debug attribute to false is necessary for creating a secure application. However, it is important that your application

does not leak important system information in other ways. Ensure that your code does not unnecessarily expose system

information that could be useful to an attacker.

ASP.NET Misconfiguration: Debug Information的更多相关文章

  1. TFS Build Error: CSC : fatal error CS0042: Unexpected error creating debug information file 'xxxx.PDB'

    CSC : fatal error CS0042: Unexpected error creating debug information file 'xxxx.PDB' -- 'c:\Builds\ ...

  2. docker-compose up 启动容器服务超时错误:ERROR: An HTTP request took too long to complete. Retry with --verbose to obtain debug information.

    问题: 本人正在使用docker运行一个中型的项目,包含40多个微服务及相关的docker.由于docker-compose up 同时启动的服务过多,超过了请求HTTP限制的60s时间仍未全部成功启 ...

  3. ASP.NET Misconfiguration: Missing Error Handling

    Abstract: An ASP .NET application must enable custom error pages in order to prevent attackers from ...

  4. ASP.NET Misconfiguration: Excessive Session Timeout

    Abstract: An overly long authentication timeout gives attackers more time to potentially compromise ...

  5. ASP.NET Misconfiguration: Request Validation Disabled

    Abstract: Use the ASP.NET validation framework to prevent vulnerabilities that result from unchecked ...

  6. The following module was built either with optimizations enabled or witherout debug information

    出现这个问题的原因是这个程式有做版控,服务器上的版本比本机版本小 解决方式为:删除服务器上的版控或者本机版本改成与服务器一致即可

  7. ERROR: An HTTP request took too long to complete. Retry with --verbose to obtain debug information.

    docker-compose 的问题 要改环境变量 xed ~/.profile export COMPOSE_HTTP_TIMEOUT=500 export DOCKER_CLIENT_TIMEOU ...

  8. ASP里面令人震撼地自定义Debug类(VBScript)

    不知道用ASP写代码的朋友是不是和我有一样的感受,ASP中最头疼的就是调试程序的时候不方便 我想可能很多朋友都会用这样的方法“response.write ”,然后输出相关的语句来看看是否正确.前几天 ...

  9. Mac OS X 上安装 ASP.NET 5

    在Mac OS X Yosemite 10.10.3 中搭建第一个 ASP.NET 5 Web 项目 终于有时间在 Mac 上安装一下 ASP.NET 5,网上有许多教程,但是多数的时间比较早了,版本 ...

随机推荐

  1. iis 7.5 0x80004005 静态文件 html、js、css 500错误

    环境:iis 7.5 win7 64位 vs2012 问题:本地环境F5直接运行,没有任何问题,发布到IIS,静态文件不能访问,出现500错误,网上找了一堆解决办法,排除路径不正确,iis全部功能勾了 ...

  2. linux的零碎使用

    一.Linux(rehat.centos.ubuntu...)基础知识 上午: putty软件连接linux服务器: [root @ foundation2   ~ ]         # 用户名   ...

  3. java读取文件内容

    获取文件内容 picurl = "http://www.baidu.com/data.txt"; URL urlfile = new URL(picurl); BufferedRe ...

  4. CSS的一些简单概念

    行内元素与块级元素 在标准文档流里面,块级元素具有以下特点: ①总是在新行上开始,占据一整行:②高度,行高以及外边距和内边距都可控制:③宽带始终是与浏览器宽度一样,与内容无关:④它可以容纳内联元素和其 ...

  5. 黄聪:css3实现图片划过一束光闪过效果(图片光影掠过效果)

    CSS代码 .guangshu { display:block; position: relative; width:800px; height:450px; margin:0 auto;} .gua ...

  6. Eclipse调试时附加匹配版本的JAR包源码:Edit Source Loopup

  7. spring mvc 删除返回字符串中值为null的字段

    在spring的配置文件中进行一下配置: <bean class="org.springframework.web.servlet.mvc.method.annotation.Requ ...

  8. DELL PowerEdge 2950更换告警硬盘

    硬盘为SAS300G15K,四块,3#告警,打算还掉,在R900上找到一块对应的硬盘直接换下. 进入控制台后发现硬盘阵列里还是只有三块硬盘,物理磁盘倒是有四块,新插上的一块状态为“外部”,其他状态是“ ...

  9. OpenStreetMap/Google/百度/Bing瓦片地图服务(TMS)

    开源与成熟商业的瓦片地图服务(TMS  2  WMTS),都有如下共同的特性,基本成为了标准: (1) 坐标系:WGS84 (2) 投影:墨卡托投影(Marcator,正轴等角圆柱投影) ------ ...

  10. Maven(一)maven环境搭建

    1.下载maven安装文件 https://maven.apache.org/download.cgi#,根据自己的需要下载对应版本 2. 配置maven环境变量,和java环境变量配置方式类似.   ...