ASP.NET Debugging Enabled

Summary

Netsparker detected that ASP.NET debugging is enabled.

Impact

This indicates that the debugging flag was left enabled in the production system. There is no direct impact of this issue, and it is presented here only for information.

Actions To Take

Apply the following changes in your web.config file to disable ASP.NET debugging.

<System.Web>
     <compilation debug="false" /> 
</System.Web>

Classifications

CWE-16, ISO27001-A.9.4.1, WASC-14, OWASP PC-C7, OWASP 2013-A5, OWASP 2017-A6

Netsparker Security Insights

Netsparker Exhibited at Global AppSec DC 2019 in Washington, D.C.
Netsparker Sponsors OWASP AppSec California 2019
Netsparker to Exhibit at OWASP AppSec USA 2018 in San Jose
Netsparker To Exhibit at OWASP AppSec EU 2018 in London
Visit Netsparker at OWASP AppSec USA 2017 in Orlando

Helpful Use Cases

Best OWASP Zap Alternative
Identifying the OWASP Top Ten Flaws in Websites