67% of ASP.NET websites have serious config related vulnerabilities

added by troyhunt
4/3/2012 2:19:37 AM


Actually, it’s even worse than that – it’s really 67.37%. It’s an alarmingly high number for what amounts to very simple configuration vulnerabilities. The numbers come courtesy of ASafaWeb, the Automated Security Analyser for ASP.NET Websites which is a free online scanner at asafaweb.com. Let me walk you through these results and offer a bit of insight as to where things are going wrong when ASP.NET web sites are published. Hopefully this will be a bit of a “call to action” which helps developers understand where they might need to do a bit of tweaking in their apps.


4/3/2012 1:03:31 PM
IMO there should be a default 500 page regardless of the config setting for anyone not on the local network; too many people forget about this setting.