Abstract:

An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the

framework's built-in error responses.

Explanation:

ASP .NET applications should be configured to use custom error pages instead of the framework default page. The default error

page gives detailed information about the error that occurred, and should not be used in production environments. The mode

attribute of the <customErrors> tag defines whether custom or default error pages are used.

Attackers can leverage the additional information provided by a default error page to mount attacks targeted on the framework,

database, or other resources used by the application.

Recommendations:

Always enable custom error pages for production deployment. This can be accomplished by setting the mode attribute to On on

the <customErrors> tag in your application's configuration file and setting the property to point to your custom error page, such

as error.aspx in the example below.

<configuration>

<customErrors mode="On" defaultRedirect="error.aspx"/>

...

</configuration>

Custom error pages can also be configured at a more granular level in the <appSettings> section of the ASP .NET configuration

file. When you customize these settings and implement your custom error pages, be certain they do not leak any of the system

information that you are trying to protect by replacing the framework defaults. Error pages should never display specific

information about the application or any of the resources it uses. In particular, displaying stack traces and other execution

specifics should always be avoided.

ASP.NET Misconfiguration: Missing Error Handling的更多相关文章

  1. Error Handling in ASP.NET Core

    Error Handling in ASP.NET Core 前言  在程序中,经常需要处理比如 404,500 ,502等错误,如果直接返回错误的调用堆栈的具体信息,显然大部分的用户看到是一脸懵逼的 ...

  2. ASP.NET Error Handling

    https://docs.microsoft.com/en-us/aspnet/web-forms/overview/getting-started/getting-started-with-aspn ...

  3. Demystifying ASP.NET MVC 5 Error Pages and Error Logging

    出处:http://dusted.codes/demystifying-aspnet-mvc-5-error-pages-and-error-logging Error pages and error ...

  4. Error Handling

    Use Exceptions Rather Than Return Codes Back in the distant past there were many languages that didn ...

  5. beam 的异常处理 Error Handling Elements in Apache Beam Pipelines

    Error Handling Elements in Apache Beam Pipelines Vallery LanceyFollow Mar 15 I have noticed a defici ...

  6. 19 Error handling and Go go语言错误处理

    Error handling and Go go语言错误处理 12 July 2011 Introduction If you have written any Go code you have pr ...

  7. Erlang error handling

    Erlang error handling Contents Preface try-catch Process link Erlang-way error handling OTP supervis ...

  8. MySQL Error Handling in Stored Procedures 2

    Summary: this tutorial shows you how to use MySQL handler to handle exceptions or errors encountered ...

  9. Appcelerator Titanium Studio: JNI_CreateJavaVM missing error

    Mac升级到Yosemite后,Titanium Studio启动不了,报Appcelerator Studio: JNI_CreateJavaVM missing error 之类的错误,重装了Or ...

随机推荐

  1. 11、java中的模板方法设计模式

    /* 需求:获取一段程序运行的时间. 原理:获取程序开始和结束的时间并相减即可. 获取时间:System.currentTimeMillis(); 当代码完成优化后,就可以解决这类问题. 这种方式,模 ...

  2. windows下IIS+PHP解决大文件上传500错问题

    linux下改到iis+php后,上传大于2M就出500错,改了php.ini中的upload_max_filesize也不行,最后解决如下: 第一步:修改php.ini 上传大小限制 (以上传500 ...

  3. HackerRank "Flatland Space Stations"

    A bit Greedy can achieve O(m) - the mid station between 2 adjacent cities has the longest distance w ...

  4. Lua学习----Lua基础数据类型

    前言 Lua有6中数据类型,分别是nil(空).boolean(布尔).number(数字).string(字符).table(表).function(函数) 在Lua中可以使用type函数来返回一个 ...

  5. IQueryable,IEnumerable,List相互转换

    发个文记录一下犯的错误吧!!! 如果在使用ASP.NET MVC很多的数据存取都是以IQueryable<>泛型类接收,那么在做两个IQueryable<>集合拼接时对于新手可 ...

  6. linux使用secureCRT连接(没有rsa的时候)

    一台linux新机器,怎么使用secureCRT连接呢??? 首先  vim   /etc/sysconfig/network-scripts/ifcfg-eth0 把BOOTPROTO=none I ...

  7. Volley网络框架的使用

    Volley的特点:   使用网络通信更快.更简单 Get/Post网络请求网络图像的高效率异步请求 可以对网络请求的优先级进行排序处理 可以进行网络请求的缓存 可以取消多级别请求 可以和Activi ...

  8. Linux 忘记root密码 的解决办法

    以单用户维护模式登录 先将系统重启, 在读秒时按下任意键进入菜单界面,再仔细看菜单下的说明,按下e就能进入grub的编辑模式,如下 将光标移动到kernel那行, 再次按e进入kernel的编辑界面中 ...

  9. IEnumerable<T>与IQueryable<T>以及.net的扩展方法

    首先看看继承关系 public abstract class DbSet : DbQuery public abstract class DbQuery : IOrderedQueryable, IQ ...

  10. Round() 四舍五入 js银行家算法(转)

    首先问一下round(0.825,2) 返回的结果,大家猜一猜, 首先SQL server 返回的是 0.83 js的返回结果 是0.83,code 如下: var b = 0.825;        ...