.Net
In this section, you will find a list of the rules associated with the .NET language and the security requirements.
Method | Security Requirement |
---|---|
DOTNETCONFIG_ANON_AUTH_ENABLED | 142. Change system default credentials 264. Request authentication 265. Restrict access to critical processes 266. Disable insecure functionalities 319. Make authentication options equally secure |
DOTNETCONFIG_ASP_VERSION_ENABLED | 077. Avoid disclosing technical information 176. Restrict system objects |
DOTNETCONFIG_EXCESSIVE_AUTH_PRIVILEGES | 095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege |
DOTNETCONFIG_HAS_DEBUG_ENABLED | 077. Avoid disclosing technical information 078. Disable debugging events |
DOTNETCONFIG_HAS_SSL_DISABLED | 266. Disable insecure functionalities |
DOTNETCONFIG_NOT_CUSTOM_ERRORS | 077. Avoid disclosing technical information 176. Restrict system objects |
DOTNETCONFIG_NOT_SUPPRESS_VULN_HEADER | 077. Avoid disclosing technical information 176. Restrict system objects |