skippy1471
IS-IT--Management
Hi Guys,
I was wondering if you could help me? We have recently undergone a Penetration Test, the guys doing the test couldn't find much but one thing they pulled us up on was that OWA was giving error messages out, they in fact said:
Error messages observed during review
We observed that verbose error messages are issued to the client in response to unexpected queries, or invalid application logic. These error messages were observed when testing the server.
The messages were like Server Error in '/' Application - Runtime Error & Server Error in '/' Application - Trace Error. I have attached a screenshot of the error message.
We have been told that we have got to use a Generic Error message instead as Verbose error messages prove useful to an attacker attempting to compromise an application.
I have Googled around and been onto Microsoft but I can find no answers for Customizing and Applying Generic Messages or Disabling Server Error Messages.
Please can you help?
I was wondering if you could help me? We have recently undergone a Penetration Test, the guys doing the test couldn't find much but one thing they pulled us up on was that OWA was giving error messages out, they in fact said:
Error messages observed during review
We observed that verbose error messages are issued to the client in response to unexpected queries, or invalid application logic. These error messages were observed when testing the server.
The messages were like Server Error in '/' Application - Runtime Error & Server Error in '/' Application - Trace Error. I have attached a screenshot of the error message.
We have been told that we have got to use a Generic Error message instead as Verbose error messages prove useful to an attacker attempting to compromise an application.
I have Googled around and been onto Microsoft but I can find no answers for Customizing and Applying Generic Messages or Disabling Server Error Messages.
Please can you help?