ASP.NET Debugging Enabled

Summary #

Netsparker detected that ASP.NET debugging is enabled.

Impact #

This indicates that the debugging flag was left enabled in the production system. There is no direct impact of this issue, and it is presented here only for information.

Actions To Take #

Apply the following changes in your web.config file to disable ASP.NET debugging.

<System.Web>
     <compilation debug="false" /> 
</System.Web>

Classifications #

CWE-16, ISO27001-A.9.4.1, WASC-14, OWASP PC-C7, OWASP 2013-A5, OWASP 2017-A6

Netsparker Security Insights #

Netsparker Supports the OWASP Lightning Event “How to Turn your Cybersecurity Hobby into a Career – An Introduction to Bug Bounties”
Predicting the Most Common Security Vulnerabilities for Web Applications in 2021
The OWASP API Security Top 10
Netsparker Exhibited at Global AppSec DC 2019 in Washington, D.C.
Netsparker Sponsors OWASP AppSec California 2019

Helpful Use Cases #

Best OWASP Zap Alternative
Identifying the OWASP Top Ten Flaws in Websites