ASP.NET Misconfiguration: Debug Information
Abstract:
Debugging messages help attackers learn about the system and plan a form of attack.
Explanation:
ASP.NET applications can be configured to produce debug binaries. These binaries give detailed debugging messages and
should not be used in production environments. The debug attribute of the <compilation> tag defines whether compiled binaries
include debugging information.
The use of debug binaries causes an application to provide as much information about itself as possible to the user. Debug
binaries are meant to be used in a development or testing environment and can pose a security risk if they are deployed to
production. Attackers can leverage the additional information they gain from debugging output to mount attacks targeted at the
framework, database, or other resources used by the application.
Recommendations:
Always compile production binaries without debug enabled. This can be accomplished by setting the debug attribute to false on
the <compilation> tag in your application's configuration file, as follows:
<configuration>
  <system.web>
    <compilation debug="false">
      ...
    </compilation>
    ...
  </system.web>
</configuration>
Setting the debug attribute to false is necessary for creating a secure application. However, it is important that your application
does not leak important system information in other ways. Ensure that your code does not unnecessarily expose system
information that could be useful to an attacker.
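The recommendation above can be enforced as a pre-deployment check. The following is an added example, not part of the original advisory: it reports every <compilation> element that enables debug, including ones inside <location> blocks. The function names and the two sample documents are constructed for illustration, and matching "True" case-insensitively is a deliberately conservative assumption.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: debug is enabled at the root and again inside a <location>.
LEAKY = """<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <system.web><compilation debug="True" /></system.web>
  <location path="admin">
    <system.web><compilation debug="true" /></system.web>
  </location>
</configuration>"""

# Constructed sample: debug is explicitly off, or left at its default (off).
HARDENED = """<configuration>
  <system.web><compilation debug="false" targetFramework="4.8" /></system.web>
  <location path="admin">
    <system.web><compilation /></system.web>
  </location>
</configuration>"""


def _local(tag):
    """Strip an XML namespace, which some project templates put on <configuration>."""
    return tag.rsplit("}", 1)[-1]


def debug_enabled_scopes(config_xml):
    """Return the scope of each <system.web>/<compilation> with debug enabled.

    "(root)" is the application-wide setting; any other value is the path
    attribute of the enclosing <location> element.
    """
    findings = []

    def walk(elem, parent, scope):
        name = _local(elem.tag)
        if name == "location":
            scope = elem.get("path", "(root)")
        elif name == "compilation" and parent == "system.web":
            # A missing attribute means debug is off.
            if elem.get("debug", "false").strip().lower() == "true":
                findings.append(scope)
        for child in elem:
            walk(child, name, scope)

    walk(ET.fromstring(config_xml), None, "(root)")
    return findings


if __name__ == "__main__":
    hits = [(p, s) for p in sys.argv[1:]
            for s in debug_enabled_scopes(open(p, "rb").read())]
    for path, scope in hits:
        print(f"{path}: debug enabled in scope {scope}")
    sys.exit(1 if hits else 0)
```

Run it against each Web.config in the release artifact; a non-zero exit status fails the build.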