Abstract:

Debugging messages help attackers learn about the system and plan a form of attack.

Explanation:

ASP.NET applications can be configured to produce debug binaries. These binaries give detailed debugging messages and should not be used in production environments. The debug attribute of the <compilation> tag defines whether compiled binaries should include debugging information.

The use of debug binaries causes an application to provide as much information about itself as possible to the user. Debug binaries are meant to be used in a development or testing environment and can pose a security risk if they are deployed to production. Attackers can leverage the additional information they gain from debugging output to mount attacks targeted at the framework, database, or other resources used by the application.

Recommendations:

Always compile production binaries without debug enabled. This can be accomplished by setting the debug attribute to false on the <compilation> tag in your application's configuration file, as follows:

<configuration>
  <system.web>
    <compilation debug="false">
      ...
    </compilation>
  </system.web>
  ...
</configuration>

Setting the debug attribute to false is necessary for creating a secure application. However, it is important that your application does not leak important system information in other ways. Ensure that your code does not unnecessarily expose system information that could be useful to an attacker.
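
A check for this setting that can run before deployment, as an added example (not part of the original advisory): it parses a web.config and reports every <compilation> element with debug enabled, including ones inside <location> overrides. The function names and sample configurations are constructed for illustration, and the checker assumes <compilation> sits inside <system.web>.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the root setting is safe, but a <location> override is not.
SAMPLE_OVERRIDE = """<configuration>
  <system.web>
    <compilation debug="false" />
  </system.web>
  <location path="admin">
    <system.web>
      <compilation debug="true" />
    </system.web>
  </location>
</configuration>"""

# Constructed sample: no debug attribute at all (debug defaults to false).
SAMPLE_DEFAULT = """<configuration>
  <system.web>
    <compilation targetFramework="4.8" />
  </system.web>
</configuration>"""


def children(elem, tag):
    """Direct children of elem with the given tag name."""
    return [c for c in elem if c.tag == tag]


def find_debug_enabled(config_xml):
    """Return [(scope, debug_value)] for each <compilation> with debug on."""
    root = ET.fromstring(config_xml)
    # <system.web> sits under <configuration> or under a <location> element.
    scopes = [("<root>", root)]
    scopes += [(loc.get("path", ""), loc) for loc in root.iter("location")]
    findings = []
    for name, scope in scopes:
        for system_web in children(scope, "system.web"):
            for comp in children(system_web, "compilation"):
                value = comp.get("debug", "false")  # absent means off
                # Compare case-insensitively so odd casing is still flagged.
                if value.strip().lower() == "true":
                    findings.append((name, value))
    return findings


if __name__ == "__main__":
    for label, xml_text in [("override", SAMPLE_OVERRIDE), ("default", SAMPLE_DEFAULT)]:
        print(label, find_debug_enabled(xml_text))
```

A non-empty result can be used to fail a build or release step before the configuration reaches production.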
