Share
Report
314Hi all,
Just wondering if its possiable to remove the Stack Trace log on the custom error page.
Client's doing Penetration Testing on the portal and this is one of the risk they found. Quote from the Penetration testing report doc:
Verbose Error Information Disclosure
When an error occurred, the site displayed a message containing information about the error stack trace.
Errors may provide useful information for a developer or tester for debugging purposes, however this could also result in information regarding the software or operations of the site, being disclosed to a malicious user.
If an attacker gained access to the system and was able to trigger an error, they could use the information to focus their attacks on the specific components.
Any help would be much appreciated.
Cheers,
Dom
All responses (
Answers (
