Your SlideShare is downloading. ×
0
• Error Codes are very common during Web
Application Security tests
• Often seen as a non-security issue
• Easy to remedia...
• Error Codes can unveil a lot of information
regarding an Application to an attacker
• This includes:
– Databases
– Bugs
...
– Microsoft OLE DB Provider for ODBC Drivers (0x80004005)
[MySQL][ODBC 3.51 Driver]Unknown MySQL server

– Microsoft OLE D...
• If a user requests a dynamic resource that
does not exist (for example, an ASPX file), then
the user sees the default se...
• If an unhandled exception occurs in the
application, then the user sees the default
server error message generated by AS...
• ASP.NET web application developers call these
the "
"(
)
• Similar to this traffic light, Users and
Developers are unawa...
• Add error pages for 404 and 500 error codes
from within the application configuration file
(web.config)
• This instruct ...
Error codes & custom 404s
Error codes & custom 404s
Error codes & custom 404s
Error codes & custom 404s
Error codes & custom 404s
Error codes & custom 404s
Upcoming SlideShare
Loading in...5
×

Error codes & custom 404s

3,433

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
3,433
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Error codes & custom 404s"

  1. 1. • Error Codes are very common during Web Application Security tests • Often seen as a non-security issue • Easy to remediate
  2. 2. • Error Codes can unveil a lot of information regarding an Application to an attacker • This includes: – Databases – Bugs – Server Config
  3. 3. – Microsoft OLE DB Provider for ODBC Drivers (0x80004005) [MySQL][ODBC 3.51 Driver]Unknown MySQL server – Microsoft OLE DB Provider for ODBC Drivers error '80004005' [Microsoft][ODBC Access 97 ODBC driver Driver]General error Unable to open registry key 'DriverId‘ – Not Found The requested URL /page.html was not found on this server. Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7g DAV/2 PHP/5.1.2 Server at localhost Port 80
  4. 4. • If a user requests a dynamic resource that does not exist (for example, an ASPX file), then the user sees the default server error message generated by ASP.NET for HTTP 404 errors:
  5. 5. • If an unhandled exception occurs in the application, then the user sees the default server error message generated by ASP.NET for HTTP 500 errors:
  6. 6. • ASP.NET web application developers call these the " "( ) • Similar to this traffic light, Users and Developers are unaware of the risk these errors can have
  7. 7. • Add error pages for 404 and 500 error codes from within the application configuration file (web.config) • This instruct IIS to use the specified custom pages for these error codes
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×