Error codes & custom 404s

•Download as PPTX, PDF•

0 likes•4,483 views

Ronan Dunne, CEH, SSCP

Technology

• Error Codes are very common during Web
Application Security tests
• Often seen as a non-security issue
• Easy to remediate

• Error Codes can unveil a lot of information
regarding an Application to an attacker
• This includes:
– Databases
– Bugs
– Server Config

– Microsoft OLE DB Provider for ODBC Drivers (0x80004005)
[MySQL][ODBC 3.51 Driver]Unknown MySQL server

– Microsoft OLE DB Provider for ODBC Drivers error
'80004005' [Microsoft][ODBC Access 97 ODBC driver
Driver]General error Unable to open registry key 'DriverId‘

– Not Found The requested URL /page.html was not found
on this server. Apache/2.2.3 (Unix) mod_ssl/2.2.3
OpenSSL/0.9.7g DAV/2 PHP/5.1.2 Server at localhost Port
80

• If a user requests a dynamic resource that
does not exist (for example, an ASPX file), then
the user sees the default server error message
generated by ASP.NET for HTTP 404 errors:

• If an unhandled exception occurs in the
application, then the user sees the default
server error message generated by ASP.NET
for HTTP 500 errors:

• ASP.NET web application developers call these
the "
"(
)
• Similar to this traffic light, Users and
Developers are unaware of the risk these
errors can have

• Add error pages for 404 and 500 error codes
from within the application configuration file
(web.config)
• This instruct IIS to use the specified custom
pages for these error codes

What's hot

Web Hacking Series Part 1Aditya Kamat

XSSHrishikesh Mishra

Web Hacking series part 2Aditya Kamat

Owasp Top 10 A3: Cross Site Scripting (XSS)Michael Hendrickx

Web hacking series part 3Aditya Kamat

Automatically detecting security vulnerabilities in WordPressFresh Consulting

Dzhengis 93098 ajax - securitydzhengo44

AJAX: How to Divert ThreatsCenzic

Hack proof your ASP NET ApplicationsSarvesh Kushwaha

Sql Injection and XSSMike Crabb

SignalR Sarvesh Kushwaha

Website hacking and prevention (All Tools,Topics & Technique )Jay Nagar

Secure Code Warrior - Cross site scriptingSecure Code Warrior

Cross Site Scripting(XSS)Nabin Dutta

Pentesting RESTful webservicesMohammed A. Imran

Secure Code Warrior - Remote file inclusionSecure Code Warrior

OWASP top 10-2013tmd800

Top 10 Web Application Security Risks - Murat Lostar @ ISACA EUROCACS 2013 Lostar

Secure Web Applications Ver0.01Vasan Ramadoss

SQL injection basicsBlueinfy Solutions

What's hot (20)

Web Hacking Series Part 1

XSS

Web Hacking series part 2

Owasp Top 10 A3: Cross Site Scripting (XSS)

Web hacking series part 3

Automatically detecting security vulnerabilities in WordPress

Dzhengis 93098 ajax - security

AJAX: How to Divert Threats

Hack proof your ASP NET Applications

Sql Injection and XSS

SignalR

Website hacking and prevention (All Tools,Topics & Technique )

Secure Code Warrior - Cross site scripting

Cross Site Scripting(XSS)

Pentesting RESTful webservices

Secure Code Warrior - Remote file inclusion

OWASP top 10-2013

Top 10 Web Application Security Risks - Murat Lostar @ ISACA EUROCACS 2013

Secure Web Applications Ver0.01

SQL injection basics

Viewers also liked

Cross Domain Hijacking - File Upload VulnerabilityRonan Dunne, CEH, SSCP

B wapp – bee bug – installationRonan Dunne, CEH, SSCP

Content security policyRonan Dunne, CEH, SSCP

Qr codesRonan Dunne, CEH, SSCP

Apache Multiview VulnerabilityRonan Dunne, CEH, SSCP

Blind xssRonan Dunne, CEH, SSCP

Kauppatieteilijöiden työttömyys 30.9.2017Suomen Ekonomit

Click jackingRonan Dunne, CEH, SSCP

Viewers also liked (8)

Cross Domain Hijacking - File Upload Vulnerability

B wapp – bee bug – installation

Content security policy

Qr codes

Apache Multiview Vulnerability

Blind xss

Kauppatieteilijöiden työttömyys 30.9.2017

Click jacking

Similar to Error codes & custom 404s

Make your Azure PaaS Deployment More SafeThuan Ng

CodeigniterJoram Salinas

Securing the Apache web serverwebhostingguy

How to Harden the Security of Your .NET WebsiteDNN

Web Application Security 101Jannis Kirschner

Web SecurityChatree Kunjai

香港六合彩taoyan

هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...M Mehdi Ahmadian

Security testingTabăra de Testare

Conectarea sgdb acces la un server oraclepamiproject

Data mining tools for excel and sql serverSayed Ahmed

Php reports sumitSumit Biswas

apidays New York 2023 - Putting yourself out there - how to secure your publi...apidays

Vulnerabilities on Various Data Processing LevelsPositive Hack Days

Web hackingtools cf-summit2014ColdFusionConference

CNIT 123 Ch 10: Hacking Web ServersSam Bowne

php databse handlingkunj desai

Hacking oracle using metasploitAlberto García Illera

Hacking Oracle Web Applications With MetasploitChris Gates

Similar to Error codes & custom 404s (20)

Make your Azure PaaS Deployment More Safe

Codeigniter

Securing the Apache web server

How to Harden the Security of Your .NET Website

Web Application Security 101

Web Security

香港六合彩

هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...

Security testing

Conectarea sgdb acces la un server oracle

Data mining tools for excel and sql server

Php reports sumit

apidays New York 2023 - Putting yourself out there - how to secure your publi...

Vulnerabilities on Various Data Processing Levels

Web hackingtools cf-summit2014

CNIT 123 Ch 10: Hacking Web Servers

php databse handling

Hacking oracle using metasploit

Hacking Oracle Web Applications With Metasploit

Recently uploaded

Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood

Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya

ICT role in 21st century education and its challengesrafiqahmad00786416

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays

TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10

Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez

Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun

Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh

AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer

presentation ICT roal in 21st century educationjfdjdjcjdnsjd

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays

How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes

DBX First Quarter 2024 Investor PresentationDropbox

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93

Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services

Recently uploaded (20)

Boost Fertility New Invention Ups Success Rates.pdf

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Artificial Intelligence Chap.5 : Uncertainty

ICT role in 21st century education and its challenges

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Data Cloud, More than a CDP by Matt Robison

Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model

AXA XL - Insurer Innovation Award Americas 2024

presentation ICT roal in 21st century education

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

How to Troubleshoot Apps for the Modern Connected Worker

DBX First Quarter 2024 Investor Presentation

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategies for Landing an Oracle DBA Job as a Fresher

Error codes & custom 404s

3. • Error Codes are very common during Web Application Security tests • Often seen as a non-security issue • Easy to remediate

4. • Error Codes can unveil a lot of information regarding an Application to an attacker • This includes: – Databases – Bugs – Server Config

5. – Microsoft OLE DB Provider for ODBC Drivers (0x80004005) [MySQL][ODBC 3.51 Driver]Unknown MySQL server – Microsoft OLE DB Provider for ODBC Drivers error '80004005' [Microsoft][ODBC Access 97 ODBC driver Driver]General error Unable to open registry key 'DriverId‘ – Not Found The requested URL /page.html was not found on this server. Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7g DAV/2 PHP/5.1.2 Server at localhost Port 80

6. • If a user requests a dynamic resource that does not exist (for example, an ASPX file), then the user sees the default server error message generated by ASP.NET for HTTP 404 errors:

7. • If an unhandled exception occurs in the application, then the user sees the default server error message generated by ASP.NET for HTTP 500 errors:

8. • ASP.NET web application developers call these the " "( ) • Similar to this traffic light, Users and Developers are unaware of the risk these errors can have

9. • Add error pages for 404 and 500 error codes from within the application configuration file (web.config) • This instruct IIS to use the specified custom pages for these error codes

Error codes & custom 404s

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (8)

Similar to Error codes & custom 404s

Similar to Error codes & custom 404s (20)

Recently uploaded

Recently uploaded (20)

Error codes & custom 404s