SlideShare a Scribd company logo

Error codes & custom 404s

Download as PPTX, PDF
Ronan Dunne, CEH, SSCP
Ronan Dunne, CEH, SSCP
Technology
1 of 13
• Error Codes are very common during Web Application Security tests • Often seen as a non-security issue • Easy to remediate
• Error Codes can unveil a lot of information regarding an Application to an attacker • This includes: – Databases – Bugs – Server Config
– Microsoft OLE DB Provider for ODBC Drivers (0x80004005) [MySQL][ODBC 3.51 Driver]Unknown MySQL server – Microsoft OLE DB Provider for ODBC Drivers error '80004005' [Microsoft][ODBC Access 97 ODBC driver Driver]General error Unable to open registry key 'DriverId‘ – Not Found The requested URL /page.html was not found on this server. Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7g DAV/2 PHP/5.1.2 Server at localhost Port 80
• If a user requests a dynamic resource that does not exist (for example, an ASPX file), then the user sees the default server error message generated by ASP.NET for HTTP 404 errors:
• If an unhandled exception occurs in the application, then the user sees the default server error message generated by ASP.NET for HTTP 500 errors:
• ASP.NET web application developers call these the " "( ) • Similar to this traffic light, Users and Developers are unaware of the risk these errors can have
• Add error pages for 404 and 500 error codes from within the application configuration file (web.config) • This instruct IIS to use the specified custom pages for these error codes
Error codes & custom 404s
Error codes & custom 404s
Error codes & custom 404s
Error codes & custom 404s

Recommended

Unicode
UnicodeUnicode
UnicodeRonan Dunne, CEH, SSCP
 
Cross site scripting XSS
Cross site scripting XSSCross site scripting XSS
Cross site scripting XSSRonan Dunne, CEH, SSCP
 
Web application attack Presentation
Web application attack PresentationWeb application attack Presentation
Web application attack PresentationKhoa Nguyen
 
Web application attacks
Web application attacksWeb application attacks
Web application attackshruth
 
ASP.NET View State - Security Issues
ASP.NET View State - Security IssuesASP.NET View State - Security Issues
ASP.NET View State - Security IssuesRonan Dunne, CEH, SSCP
 
Web Hacking Series Part 4
Web Hacking Series Part 4Web Hacking Series Part 4
Web Hacking Series Part 4Aditya Kamat
 
Common Web Application Attacks
Common Web Application Attacks Common Web Application Attacks
Common Web Application Attacks Ahmed Sherif
 
Web Security Attacks
Web Security AttacksWeb Security Attacks
Web Security AttacksSajid Hasan
 

Recommended

Unicode
UnicodeUnicode
UnicodeRonan Dunne, CEH, SSCP
 
Cross site scripting XSS
Cross site scripting XSSCross site scripting XSS
Cross site scripting XSSRonan Dunne, CEH, SSCP
 
Web application attack Presentation
Web application attack PresentationWeb application attack Presentation
Web application attack PresentationKhoa Nguyen
 
Web application attacks
Web application attacksWeb application attacks
Web application attackshruth
 
ASP.NET View State - Security Issues
ASP.NET View State - Security IssuesASP.NET View State - Security Issues
ASP.NET View State - Security IssuesRonan Dunne, CEH, SSCP
 
Web Hacking Series Part 4
Web Hacking Series Part 4Web Hacking Series Part 4
Web Hacking Series Part 4Aditya Kamat
 
Common Web Application Attacks
Common Web Application Attacks Common Web Application Attacks
Common Web Application Attacks Ahmed Sherif
 
Web Security Attacks
Web Security AttacksWeb Security Attacks
Web Security AttacksSajid Hasan
 
Web Hacking Series Part 1
Web Hacking Series Part 1Web Hacking Series Part 1
Web Hacking Series Part 1Aditya Kamat
 
XSS
XSSXSS
XSSHrishikesh Mishra
 
Web Hacking series part 2
Web Hacking series part 2Web Hacking series part 2
Web Hacking series part 2Aditya Kamat
 
Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)Michael Hendrickx
 
Web hacking series part 3
Web hacking series part 3Web hacking series part 3
Web hacking series part 3Aditya Kamat
 
Automatically detecting security vulnerabilities in WordPress
Automatically detecting security vulnerabilities in WordPressAutomatically detecting security vulnerabilities in WordPress
Automatically detecting security vulnerabilities in WordPressFresh Consulting
 
Dzhengis 93098 ajax - security
Dzhengis 93098 ajax - securityDzhengis 93098 ajax - security
Dzhengis 93098 ajax - securitydzhengo44
 
AJAX: How to Divert Threats
AJAX: How to Divert ThreatsAJAX: How to Divert Threats
AJAX: How to Divert ThreatsCenzic
 
Hack proof your ASP NET Applications
Hack proof your ASP NET ApplicationsHack proof your ASP NET Applications
Hack proof your ASP NET ApplicationsSarvesh Kushwaha
 
Sql Injection and XSS
Sql Injection and XSSSql Injection and XSS
Sql Injection and XSSMike Crabb
 
SignalR
SignalR SignalR
SignalR Sarvesh Kushwaha
 
Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Jay Nagar
 
Secure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scriptingSecure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scriptingSecure Code Warrior
 
Cross Site Scripting(XSS)
Cross Site Scripting(XSS)Cross Site Scripting(XSS)
Cross Site Scripting(XSS)Nabin Dutta
 
Pentesting RESTful webservices
Pentesting RESTful webservicesPentesting RESTful webservices
Pentesting RESTful webservicesMohammed A. Imran
 
Secure Code Warrior - Remote file inclusion
Secure Code Warrior - Remote file inclusionSecure Code Warrior - Remote file inclusion
Secure Code Warrior - Remote file inclusionSecure Code Warrior
 
OWASP top 10-2013
OWASP top 10-2013OWASP top 10-2013
OWASP top 10-2013tmd800
 
Top 10 Web Application Security Risks - Murat Lostar @ ISACA EUROCACS 2013
Top 10 Web Application Security Risks - Murat Lostar @ ISACA EUROCACS 2013 Top 10 Web Application Security Risks - Murat Lostar @ ISACA EUROCACS 2013
Top 10 Web Application Security Risks - Murat Lostar @ ISACA EUROCACS 2013 Lostar
 
Secure Web Applications Ver0.01
Secure Web Applications Ver0.01Secure Web Applications Ver0.01
Secure Web Applications Ver0.01Vasan Ramadoss
 
SQL injection basics
SQL injection basicsSQL injection basics
SQL injection basicsBlueinfy Solutions
 
Cross Domain Hijacking - File Upload Vulnerability
Cross Domain Hijacking - File Upload VulnerabilityCross Domain Hijacking - File Upload Vulnerability
Cross Domain Hijacking - File Upload VulnerabilityRonan Dunne, CEH, SSCP
 
B wapp – bee bug – installation
B wapp – bee bug – installationB wapp – bee bug – installation
B wapp – bee bug – installationRonan Dunne, CEH, SSCP
 

More Related Content

What's hot

Web Hacking Series Part 1
Web Hacking Series Part 1Web Hacking Series Part 1
Web Hacking Series Part 1Aditya Kamat
 
Web Hacking series part 2
Web Hacking series part 2Web Hacking series part 2
Web Hacking series part 2Aditya Kamat
 
Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)Michael Hendrickx
 
Web hacking series part 3
Web hacking series part 3Web hacking series part 3
Web hacking series part 3Aditya Kamat
 
Automatically detecting security vulnerabilities in WordPress
Automatically detecting security vulnerabilities in WordPressAutomatically detecting security vulnerabilities in WordPress
Automatically detecting security vulnerabilities in WordPressFresh Consulting
 
Dzhengis 93098 ajax - security
Dzhengis 93098 ajax - securityDzhengis 93098 ajax - security
Dzhengis 93098 ajax - securitydzhengo44
 
AJAX: How to Divert Threats
AJAX: How to Divert ThreatsAJAX: How to Divert Threats
AJAX: How to Divert ThreatsCenzic
 
Hack proof your ASP NET Applications
Hack proof your ASP NET ApplicationsHack proof your ASP NET Applications
Hack proof your ASP NET ApplicationsSarvesh Kushwaha
 
Sql Injection and XSS
Sql Injection and XSSSql Injection and XSS
Sql Injection and XSSMike Crabb
 
Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Jay Nagar
 
Secure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scriptingSecure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scriptingSecure Code Warrior
 
Cross Site Scripting(XSS)
Cross Site Scripting(XSS)Cross Site Scripting(XSS)
Cross Site Scripting(XSS)Nabin Dutta
 
Pentesting RESTful webservices
Pentesting RESTful webservicesPentesting RESTful webservices
Pentesting RESTful webservicesMohammed A. Imran
 
Secure Code Warrior - Remote file inclusion
Secure Code Warrior - Remote file inclusionSecure Code Warrior - Remote file inclusion
Secure Code Warrior - Remote file inclusionSecure Code Warrior
 
OWASP top 10-2013
OWASP top 10-2013OWASP top 10-2013
OWASP top 10-2013tmd800
 
Top 10 Web Application Security Risks - Murat Lostar @ ISACA EUROCACS 2013
Top 10 Web Application Security Risks - Murat Lostar @ ISACA EUROCACS 2013 Top 10 Web Application Security Risks - Murat Lostar @ ISACA EUROCACS 2013
Top 10 Web Application Security Risks - Murat Lostar @ ISACA EUROCACS 2013 Lostar
 
Secure Web Applications Ver0.01
Secure Web Applications Ver0.01Secure Web Applications Ver0.01
Secure Web Applications Ver0.01Vasan Ramadoss
 

What's hot (20)

Web Hacking Series Part 1
Web Hacking Series Part 1Web Hacking Series Part 1
Web Hacking Series Part 1
 
XSS
XSSXSS
XSS
 
Web Hacking series part 2
Web Hacking series part 2Web Hacking series part 2
Web Hacking series part 2
 
Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)
 
Web hacking series part 3
Web hacking series part 3Web hacking series part 3
Web hacking series part 3
 
Automatically detecting security vulnerabilities in WordPress
Automatically detecting security vulnerabilities in WordPressAutomatically detecting security vulnerabilities in WordPress
Automatically detecting security vulnerabilities in WordPress
 
Dzhengis 93098 ajax - security
Dzhengis 93098 ajax - securityDzhengis 93098 ajax - security
Dzhengis 93098 ajax - security
 
AJAX: How to Divert Threats
AJAX: How to Divert ThreatsAJAX: How to Divert Threats
AJAX: How to Divert Threats
 
Hack proof your ASP NET Applications
Hack proof your ASP NET ApplicationsHack proof your ASP NET Applications
Hack proof your ASP NET Applications
 
Sql Injection and XSS
Sql Injection and XSSSql Injection and XSS
Sql Injection and XSS
 
SignalR
SignalR SignalR
SignalR
 
Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )
 
Secure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scriptingSecure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scripting
 
Cross Site Scripting(XSS)
Cross Site Scripting(XSS)Cross Site Scripting(XSS)
Cross Site Scripting(XSS)
 
Pentesting RESTful webservices
Pentesting RESTful webservicesPentesting RESTful webservices
Pentesting RESTful webservices
 
Secure Code Warrior - Remote file inclusion
Secure Code Warrior - Remote file inclusionSecure Code Warrior - Remote file inclusion
Secure Code Warrior - Remote file inclusion
 
OWASP top 10-2013
OWASP top 10-2013OWASP top 10-2013
OWASP top 10-2013
 
Top 10 Web Application Security Risks - Murat Lostar @ ISACA EUROCACS 2013
Top 10 Web Application Security Risks - Murat Lostar @ ISACA EUROCACS 2013 Top 10 Web Application Security Risks - Murat Lostar @ ISACA EUROCACS 2013
Top 10 Web Application Security Risks - Murat Lostar @ ISACA EUROCACS 2013
 
Secure Web Applications Ver0.01
Secure Web Applications Ver0.01Secure Web Applications Ver0.01
Secure Web Applications Ver0.01
 
SQL injection basics
SQL injection basicsSQL injection basics
SQL injection basics
 

Viewers also liked

Cross Domain Hijacking - File Upload Vulnerability
Cross Domain Hijacking - File Upload VulnerabilityCross Domain Hijacking - File Upload Vulnerability
Cross Domain Hijacking - File Upload VulnerabilityRonan Dunne, CEH, SSCP
 
Kauppatieteilijöiden työttömyys 30.9.2017
Kauppatieteilijöiden työttömyys 30.9.2017Kauppatieteilijöiden työttömyys 30.9.2017
Kauppatieteilijöiden työttömyys 30.9.2017Suomen Ekonomit
 

Viewers also liked (8)

Cross Domain Hijacking - File Upload Vulnerability
Cross Domain Hijacking - File Upload VulnerabilityCross Domain Hijacking - File Upload Vulnerability
Cross Domain Hijacking - File Upload Vulnerability
 
B wapp – bee bug – installation
B wapp – bee bug – installationB wapp – bee bug – installation
B wapp – bee bug – installation
 
Content security policy
Content security policyContent security policy
Content security policy
 
Qr codes
Qr codesQr codes
Qr codes
 
Apache Multiview Vulnerability
Apache Multiview VulnerabilityApache Multiview Vulnerability
Apache Multiview Vulnerability
 
Blind xss
Blind xssBlind xss
Blind xss
 
Kauppatieteilijöiden työttömyys 30.9.2017
Kauppatieteilijöiden työttömyys 30.9.2017Kauppatieteilijöiden työttömyys 30.9.2017
Kauppatieteilijöiden työttömyys 30.9.2017
 
Click jacking
Click jackingClick jacking
Click jacking
 

Similar to Error codes & custom 404s

Make your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeMake your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeThuan Ng
 
Securing the Apache web server
Securing the Apache web serverSecuring the Apache web server
Securing the Apache web serverwebhostingguy
 
Securing the Apache web server
Securing the Apache web serverSecuring the Apache web server
Securing the Apache web serverwebhostingguy
 
How to Harden the Security of Your .NET Website
How to Harden the Security of Your .NET WebsiteHow to Harden the Security of Your .NET Website
How to Harden the Security of Your .NET WebsiteDNN
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101Jannis Kirschner
 
香港六合彩
香港六合彩香港六合彩
香港六合彩taoyan
 
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme... هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...M Mehdi Ahmadian
 
Conectarea sgdb acces la un server oracle
Conectarea sgdb acces la un server oracleConectarea sgdb acces la un server oracle
Conectarea sgdb acces la un server oraclepamiproject
 
Data mining tools for excel and sql server
Data mining tools for excel and sql serverData mining tools for excel and sql server
Data mining tools for excel and sql serverSayed Ahmed
 
apidays New York 2023 - Putting yourself out there - how to secure your publi...
apidays New York 2023 - Putting yourself out there - how to secure your publi...apidays New York 2023 - Putting yourself out there - how to secure your publi...
apidays New York 2023 - Putting yourself out there - how to secure your publi...apidays
 
Vulnerabilities on Various Data Processing Levels
Vulnerabilities on Various Data Processing LevelsVulnerabilities on Various Data Processing Levels
Vulnerabilities on Various Data Processing LevelsPositive Hack Days
 
CNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersCNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersSam Bowne
 
php databse handling
php databse handlingphp databse handling
php databse handlingkunj desai
 
Hacking Oracle Web Applications With Metasploit
Hacking Oracle Web Applications With MetasploitHacking Oracle Web Applications With Metasploit
Hacking Oracle Web Applications With MetasploitChris Gates
 

Similar to Error codes & custom 404s (20)

Make your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More SafeMake your Azure PaaS Deployment More Safe
Make your Azure PaaS Deployment More Safe
 
Codeigniter
CodeigniterCodeigniter
Codeigniter
 
Securing the Apache web server
Securing the Apache web serverSecuring the Apache web server
Securing the Apache web server
 
Securing the Apache web server
Securing the Apache web serverSecuring the Apache web server
Securing the Apache web server
 
How to Harden the Security of Your .NET Website
How to Harden the Security of Your .NET WebsiteHow to Harden the Security of Your .NET Website
How to Harden the Security of Your .NET Website
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101
 
Web Security
Web SecurityWeb Security
Web Security
 
香港六合彩
香港六合彩香港六合彩
香港六合彩
 
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme... هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
 
Security testing
Security testingSecurity testing
Security testing
 
Conectarea sgdb acces la un server oracle
Conectarea sgdb acces la un server oracleConectarea sgdb acces la un server oracle
Conectarea sgdb acces la un server oracle
 
Data mining tools for excel and sql server
Data mining tools for excel and sql serverData mining tools for excel and sql server
Data mining tools for excel and sql server
 
Php reports sumit
Php reports sumitPhp reports sumit
Php reports sumit
 
apidays New York 2023 - Putting yourself out there - how to secure your publi...
apidays New York 2023 - Putting yourself out there - how to secure your publi...apidays New York 2023 - Putting yourself out there - how to secure your publi...
apidays New York 2023 - Putting yourself out there - how to secure your publi...
 
Vulnerabilities on Various Data Processing Levels
Vulnerabilities on Various Data Processing LevelsVulnerabilities on Various Data Processing Levels
Vulnerabilities on Various Data Processing Levels
 
Web hackingtools cf-summit2014
Web hackingtools cf-summit2014Web hackingtools cf-summit2014
Web hackingtools cf-summit2014
 
CNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersCNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web Servers
 
php databse handling
php databse handlingphp databse handling
php databse handling
 
Hacking Oracle Web Applications With Metasploit
Hacking Oracle Web Applications With MetasploitHacking Oracle Web Applications With Metasploit
Hacking Oracle Web Applications With Metasploit
 
Hacking oracle using metasploit
Hacking oracle using metasploitHacking oracle using metasploit
Hacking oracle using metasploit
 

Recently uploaded

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 

Recently uploaded (20)

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 

Error codes & custom 404s

  • 1.
  • 2.
  • 3. • Error Codes are very common during Web Application Security tests • Often seen as a non-security issue • Easy to remediate
  • 4. • Error Codes can unveil a lot of information regarding an Application to an attacker • This includes: – Databases – Bugs – Server Config
  • 5. – Microsoft OLE DB Provider for ODBC Drivers (0x80004005) [MySQL][ODBC 3.51 Driver]Unknown MySQL server – Microsoft OLE DB Provider for ODBC Drivers error '80004005' [Microsoft][ODBC Access 97 ODBC driver Driver]General error Unable to open registry key 'DriverId‘ – Not Found The requested URL /page.html was not found on this server. Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7g DAV/2 PHP/5.1.2 Server at localhost Port 80
  • 6. • If a user requests a dynamic resource that does not exist (for example, an ASPX file), then the user sees the default server error message generated by ASP.NET for HTTP 404 errors:
  • 7. • If an unhandled exception occurs in the application, then the user sees the default server error message generated by ASP.NET for HTTP 500 errors:
  • 8. • ASP.NET web application developers call these the " "( ) • Similar to this traffic light, Users and Developers are unaware of the risk these errors can have
  • 9. • Add error pages for 404 and 500 error codes from within the application configuration file (web.config) • This instruct IIS to use the specified custom pages for these error codes