Tuesday, 23 August 2016

 
 

The 5 Mistakes in web.config in ASP.NET

 
 
 
 
1. Custom Errors Disabled
 
Vulnerable configuration:
<configuration>
  <system.web>
    <customErrors mode="Off" />
  </system.web>
</configuration>

Secure configuration:
<configuration>
  <system.web>
    <customErrors mode="RemoteOnly" />
  </system.web>
</configuration>
 
 
2. Leaving Tracing Enabled in Web-Based Applications
 
Vulnerable configuration:
<configuration>
  <system.web>
    <trace enabled="true" localOnly="false" />
  </system.web>
</configuration>

Secure configuration:
<configuration>
  <system.web>
    <trace enabled="false" localOnly="true" />
  </system.web>
</configuration>
 
 
3. Debugging Enabled
 
Vulnerable configuration:
<configuration>
  <system.web>
    <compilation debug="true" />
  </system.web>
</configuration>

Secure configuration:
<configuration>
  <system.web>
    <compilation debug="false" />
  </system.web>
</configuration>
 
 
4. Cookies Accessible through Client-Side Script
 
Vulnerable configuration:
<configuration>
  <system.web>
    <httpCookies httpOnlyCookies="false" />
  </system.web>
</configuration>

Secure configuration:
<configuration>
  <system.web>
    <httpCookies httpOnlyCookies="true" />
  </system.web>
</configuration>
 
 
5. Cookieless Session State Enabled
 
Vulnerable configuration:
<configuration>
  <system.web>
    <sessionState cookieless="UseUri" />
  </system.web>
</configuration>

Secure configuration:
<configuration>
  <system.web>
    <sessionState cookieless="UseCookies" />
  </system.web>
</configuration>
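A small audit of the five settings above, as an added example (not code from the original post): it parses a web.config and reports every setting whose effective value matches a vulnerable value listed here. The function names, the sample file, and the defaults applied when an attribute is absent are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# (element, attribute, vulnerable value, secure value, assumed default when unset)
# The last column is this example's assumption about ASP.NET defaults.
RULES = [
    ("customErrors", "mode", "Off", "RemoteOnly", "RemoteOnly"),
    ("trace", "enabled", "true", "false", "false"),
    ("compilation", "debug", "true", "false", "false"),
    ("httpCookies", "httpOnlyCookies", "false", "true", "false"),
    ("sessionState", "cookieless", "UseUri", "UseCookies", "UseCookies"),
]

# Constructed sample: legacy namespace, no <httpCookies>, and a <location> override.
SAMPLE = """<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <system.web>
    <customErrors mode="Off" />
    <trace enabled="true" localOnly="false" />
    <compilation debug="false" />
    <sessionState cookieless="UseCookies" />
  </system.web>
  <location path="admin">
    <system.web><compilation debug="TRUE" /></system.web>
  </location>
</configuration>"""

def local(tag):
    """Strip an XML namespace prefix such as '{...NetConfiguration/v2.0}'."""
    return tag.rsplit("}", 1)[-1]

def audit_web_config(xml_text):
    """Return (element, attribute, effective value, secure value) per finding."""
    root = ET.fromstring(xml_text)
    findings = []
    # iter() also reaches <system.web> sections nested under <location>.
    for section in (e for e in root.iter() if local(e.tag) == "system.web"):
        top_level = section in list(root)
        children = {local(c.tag): c for c in section}
        for element, attr, bad, good, default in RULES:
            node = children.get(element)
            value = node.get(attr) if node is not None else None
            if value is None:
                if not top_level:
                    continue  # unset in a <location>: inherited, not defaulted
                value = default
            if value.lower() == bad.lower():
                findings.append((element, attr, value.lower(), good))
    return findings
```

On the sample it reports `customErrors`, `trace`, the missing `httpCookies` element (whose assumed default is the vulnerable value), and the `debug` override under `<location path="admin">`.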
