ASP.NET Debugging Enabled

Summary #

Netsparker detected that ASP.NET debugging is enabled.

Impact #

This indicates that the debugging flag was left enabled in the production system. There is no direct impact of this issue, and it is presented here only for information.

Actions To Take #

Apply the following changes in your web.config file to disable ASP.NET debugging.

<System.Web>
     <compilation debug="false" /> 
</System.Web>

Classifications #

CWE-16, ISO27001-A.9.4.1, WASC-14, OWASP PC-C7, OWASP 2013-A5, OWASP 2017-A6

Netsparker Security Insights #

Netsparker Exhibited at Global AppSec DC 2019 in Washington, D.C.
Netsparker Sponsors OWASP AppSec California 2019
Netsparker to Exhibit at OWASP AppSec USA 2018 in San Jose
Netsparker To Exhibit at OWASP AppSec EU 2018 in London
Visit Netsparker at OWASP AppSec USA 2017 in Orlando

Helpful Use Cases #

Best OWASP Zap Alternative
Identifying the OWASP Top Ten Flaws in Websites