ASP.NET Debugging Enabled

Summary #

Netsparker detected that ASP.NET debugging is enabled.

Impact #

This indicates that the debugging flag was left enabled in the production system. There is no direct impact of this issue, and it is presented here only for information.

Actions To Take #

Apply the following changes in your web.config file to disable ASP.NET debugging.

<System.Web>
     <compilation debug="false" />
</System.Web>

Classifications #

CWE-16; ISO27001-A.9.4.1; WASC-14; OWASP PC-C7; OWASP 2013-A5; OWASP 2017-A6

Netsparker Security Insights #

What is server-side request forgery (SSRF) and how can you prevent it?
What the OWASP Top 10 2021 categories mean for OWASP compliance
The new OWASP Top 10 is not what you think
Netsparker Supports the OWASP Lightning Event “How to Turn your Cybersecurity Hobby into a Career – An Introduction to Bug Bounties”
Predicting the Most Common Security Vulnerabilities for Web Applications in 2021

Helpful Use Cases #

Best OWASP Zap Alternative
Identifying the OWASP Top Ten Flaws in Websites