Skip to end of banner Go to start of banner

ASP.NET Application Configuration Security Tips

Skip to end of metadata

Created by mgivechi on Jan 13, 2011

Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

The following tips are simple, yet effective to maintain a portion of ASP.NET application security.

Web.config vulnerabilities: Default Error Message

When custom errors are disabled, ASP.NET gives a detailed default error message to clients.
Vulnerable configuration:

<configuration>

<system web>

<customErrors mode="off">

Secure configuration:

<configuration>

<system web>

<customErrors mode="remote only">

No labels