Presenting detailed error messages is always advantageous for developers, as it helps them understand the root cause of a development or production bug.
However, the same is true for attackers. An attacker who is presented with a detailed exception can abuse it to exploit a wide range of vulnerabilities: all types of injection, padding oracles, business logic problems, mass assignment, etc.
ASP.NET has a configuration directive, compilation, whose debug attribute specifies whether to compile debug binaries rather than retail binaries. When it is set to true, which is the default value, debug binaries are produced, and these give away detailed debugging messages.
Here’s an insecure Web.config debug directive:
<configuration>
  <system.web>
    <compilation debug="true" targetFramework="4.6.1" />
    ...
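As an added example (not code from the original page), the following Python check parses a Web.config and reports every compilation element with debug enabled, then rewrites those attributes to false. It goes slightly beyond the snippet above by also inspecting per-path location overrides; the function names and the sample configuration are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the application-wide setting is already safe, but a
# <location> override re-enables debug for one path (easy to miss in review).
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <compilation debug="false" targetFramework="4.6.1" />
  </system.web>
  <location path="admin">
    <system.web>
      <compilation debug="true" />
    </system.web>
  </location>
</configuration>"""


def find_debug_compilation(xml_text):
    """Return (scope, raw_value) for every <compilation> with debug enabled."""
    root = ET.fromstring(xml_text)
    findings = []
    # Application-wide setting: configuration/system.web/compilation
    scopes = [("<root>", root)]
    # Per-path overrides: configuration/location[@path]/system.web/compilation
    scopes += [(loc.get("path", ""), loc) for loc in root.iter("location")]
    for scope, node in scopes:
        for comp in node.findall("./system.web/compilation"):
            value = comp.get("debug")
            # Compare case-insensitively as a conservative choice.
            if value is not None and value.strip().lower() == "true":
                findings.append((scope, value))
    return findings


def harden(xml_text):
    """Return the config text with every enabled debug attribute set to false."""
    root = ET.fromstring(xml_text)
    for comp in root.iter("compilation"):
        if (comp.get("debug") or "").strip().lower() == "true":
            comp.set("debug", "false")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for scope, value in find_debug_compilation(SAMPLE_WEB_CONFIG):
        print(f'debug enabled at scope {scope!r}: debug="{value}"')
```

Running the same check over the deployed Web.config as a release gate catches a debug build before it reaches production.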
Given the above code, if CustomClass doesn’t override the Equals method, the equality check will fail. However, the intended semantics may be that the two objects are equal because they share the same first name and age.