Abstract:

Debugging messages help attackers learn about the system and plan a form of attack.

Explanation:

ASP .NET applications can be configured to produce debug binaries. These binaries give detailed debugging messages and

should not be used in production environments. The debug attribute of the <compilation> tag defines whether compiled binaries

should include debugging information.

The use of debug binaries causes an application to provide as much information about itself as possible to the user. Debug

binaries are meant to be used in a development or testing environment and can pose a security risk if they are deployed to

production. Attackers can leverage the additional information they gain from debugging output to mount attacks targeted on the

framework, database, or other resources used by the application.

Recommendations:

Always compile production binaries without debug enabled. This can be accomplished by setting the debug attribute to false on

the <compilation> tag in your application's configuration file, as follows:

<configuration>

<compilation debug="false">

...

</compilation>

...

</configuration>

Setting the debug attribute to false is necessary for creating a secure application. However, it is important that your application

does not leak important system information in other ways. Ensure that your code does not unnecessarily expose system

information that could be useful to an attacker.

ASP.NET Misconfiguration: Debug Information的更多相关文章

  1. TFS Build Error: CSC : fatal error CS0042: Unexpected error creating debug information file 'xxxx.PDB'

    CSC : fatal error CS0042: Unexpected error creating debug information file 'xxxx.PDB' -- 'c:\Builds\ ...

  2. docker-compose up 启动容器服务超时错误:ERROR: An HTTP request took too long to complete. Retry with --verbose to obtain debug information.

    问题: 本人正在使用docker运行一个中型的项目,包含40多个微服务及相关的docker.由于docker-compose up 同时启动的服务过多,超过了请求HTTP限制的60s时间仍未全部成功启 ...

  3. ASP.NET Misconfiguration: Missing Error Handling

    Abstract: An ASP .NET application must enable custom error pages in order to prevent attackers from ...

  4. ASP.NET Misconfiguration: Excessive Session Timeout

    Abstract: An overly long authentication timeout gives attackers more time to potentially compromise ...

  5. ASP.NET Misconfiguration: Request Validation Disabled

    Abstract: Use the ASP.NET validation framework to prevent vulnerabilities that result from unchecked ...

  6. The following module was built either with optimizations enabled or witherout debug information

    出现这个问题的原因是这个程式有做版控,服务器上的版本比本机版本小 解决方式为:删除服务器上的版控或者本机版本改成与服务器一致即可

  7. ERROR: An HTTP request took too long to complete. Retry with --verbose to obtain debug information.

    docker-compose 的问题 要改环境变量 xed ~/.profile export COMPOSE_HTTP_TIMEOUT=500 export DOCKER_CLIENT_TIMEOU ...

  8. ASP里面令人震撼地自定义Debug类(VBScript)

    不知道用ASP写代码的朋友是不是和我有一样的感受,ASP中最头疼的就是调试程序的时候不方便 我想可能很多朋友都会用这样的方法“response.write ”,然后输出相关的语句来看看是否正确.前几天 ...

  9. Mac OS X 上安装 ASP.NET 5

    在Mac OS X Yosemite 10.10.3 中搭建第一个 ASP.NET 5 Web 项目 终于有时间在 Mac 上安装一下 ASP.NET 5,网上有许多教程,但是多数的时间比较早了,版本 ...

随机推荐

  1. 将JSON格式的时间/Date(2367828670431)/格式 转为正常的年-月-日 格式

    function formatDate(NewDtime) var dt = new Date(parseInt(NewDtime.slice(6, 19))); var year = dt.getF ...

  2. user.sh

    #!/bin/bash n=1 while [ $n -le 5 ] do n=$(( $n + 1 )) user=user$n userdel -r $user echo "$user ...

  3. Javascript 技巧集(1)

    1. 数组克隆, 使用 slice() 方法 var a1 = [1,2,3,4]; var a2 = a1.slice(); 2. 强制将变量值转化为 bool 类型,前置双感叹号 !! var a ...

  4. CentOS 7如何连接无线网络

    虽然查阅了相关网络资料,但是以下内容均为原创内容,只有干货,无废话. 1.切换到超级用户 [Oscar@localhost 桌面]$ su root 2.查询可用的无线网卡,其中红色为网卡号 [Osc ...

  5. [转载]反无人机企业DroneShield利用声音识别侦测无人机

    原文:http://www.cnbeta.com/articles/495071.htm 无人机产业正在蓬勃发展,受益的不仅仅是那些生产小型飞行设备的企业.专家估计仅在澳大利亚就有5万架商用无人机以及 ...

  6. 模块化编程时,#include到底要放在哪里?

    结合我自己的经验,谈一谈模块化编程时#include应该出现的位置.总结起来大体有二条规则: 一.规则1:只包含必要的头文件 看下面这个模块: ===foo.c==== #include <st ...

  7. OpenGL学习笔记5——嵌入Qt框架

    学习OpenGL也有段时间了,前几篇将GL最基本的画图过程解析了一下,后面进阶的就随项目需要再学.因为之前一直是用glut这个实用工具包来开发很方便,但是会附带一个控制台的窗口,实在觉得有些low,因 ...

  8. AE开发示例之GPBufferLayer

    using System; using System.Drawing;using System.Text;using System.Windows.Forms;using System.Runtime ...

  9. 【整理】C#文件操作大全(SamWang)<转>

    文件与文件夹操作主要用到以下几个类: 1.File类: 提供用于创建.复制.删除.移动和打开文件的静态方法,并协助创建 FileStream 对象. msdn:http://msdn.microsof ...

  10. java面向对象基础

    1.对象:用来描述客观事物的一个实体,由一组属性和方法构成. 属性:对象具有的各种特征.(成员变量) 方法:对象执行的操作. 2.类:一组具有相同属性和方法的对象的一个归纳类型.对象是类的一个具体表现 ...