Abstract:

Debugging messages help attackers learn about the system and plan a form of attack.

Explanation:

ASP.NET applications can be configured to produce debug binaries. These binaries give detailed debugging messages and should not be used in production environments. The debug attribute of the <compilation> tag defines whether compiled binaries should include debugging information.

The use of debug binaries causes an application to provide as much information about itself as possible to the user. Debug binaries are meant to be used in a development or testing environment and can pose a security risk if they are deployed to production. Attackers can leverage the additional information they gain from debugging output to mount attacks targeted at the framework, database, or other resources used by the application.

Recommendations:

Always compile production binaries without debug enabled. This can be accomplished by setting the debug attribute to false on the <compilation> tag in your application's configuration file, as follows:

    <configuration>
      <system.web>
        <compilation debug="false">
          ...
        </compilation>
        ...
      </system.web>
    </configuration>

Setting the debug attribute to false is necessary for creating a secure application. However, it is important that your application does not leak important system information in other ways. Ensure that your code does not unnecessarily expose system information that could be useful to an attacker.
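One way to enforce the recommendation before deployment is to scan each Web.config for an enabled debug attribute, including <compilation> elements nested under <location> blocks that override the root setting. The following Python check is an added example, not part of the original page; the sample configurations and the function name find_debug_compilation are constructed for illustration, and the configs are assumed to carry no XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (not from the original page).
DEBUG_ON = """<configuration>
  <system.web>
    <compilation debug="True" targetFramework="4.8" />
  </system.web>
</configuration>"""

LOCATION_OVERRIDE = """<configuration>
  <system.web>
    <compilation debug="false" />
  </system.web>
  <location path="admin">
    <system.web>
      <compilation debug="true" />
    </system.web>
  </location>
</configuration>"""

HARDENED = """<configuration>
  <system.web>
    <compilation targetFramework="4.8" />
  </system.web>
</configuration>"""


def find_debug_compilation(config_xml):
    """Return the scopes ('(root)' or a <location> path) where debug is enabled."""
    root = ET.fromstring(config_xml)
    findings = []
    # Check the root-level <system.web> and every <location path="..."> override.
    scopes = [("(root)", root)]
    scopes += [(loc.get("path", ""), loc) for loc in root.iter("location")]
    for name, node in scopes:
        for comp in node.findall("system.web/compilation"):
            # An absent attribute means debug is off (the default);
            # the value is compared case-insensitively.
            if comp.get("debug", "false").strip().lower() == "true":
                findings.append(name)
    return findings
```

A non-empty result can be used to fail a build or release step so that a debug-enabled configuration never reaches production.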
