ASP.NET DEBUG Method Enabled Security Issue

IQ TEST

About

ASP.NET debugging is enabled on the host.

An attacker can send debug statements to the remote ASP scripts.

ImpactMinimal

It may be possible to disclose sensitive information about the Web sever and the ASP.NET application. Enabling DEBUG can also have serious implications on the performance of the Web site.

Solution

  1. Open the Web.config file in a text editor such as Notepad.exe. Web.config file is typically located in the application directory.
  2. In the Web.config file, locate the compilation element. Debugging is enabled when the debug attribute in the compilation element is set to true.
  3. Modify the debug attribute to false, and then save the Web.config file to disable debugging for that application.The following code sample shows the compilation element with debug set to false:
<compilation
 debug="false"
/>

Leave a Reply

Your email address will not be published. Required fields are marked *