Error codes & custom 404s

•Download as PPTX, PDF•

0 likes•4,483 views

Ronan Dunne, CEH, SSCP

Technology

• Error Codes are very common during Web
Application Security tests
• Often seen as a non-security issue
• Easy to remediate

• Error Codes can unveil a lot of information
regarding an Application to an attacker
• This includes:
– Databases
– Bugs
– Server Config

– Microsoft OLE DB Provider for ODBC Drivers (0x80004005)
[MySQL][ODBC 3.51 Driver]Unknown MySQL server

– Microsoft OLE DB Provider for ODBC Drivers error
'80004005' [Microsoft][ODBC Access 97 ODBC driver
Driver]General error Unable to open registry key 'DriverId‘

– Not Found The requested URL /page.html was not found
on this server. Apache/2.2.3 (Unix) mod_ssl/2.2.3
OpenSSL/0.9.7g DAV/2 PHP/5.1.2 Server at localhost Port
80

• If a user requests a dynamic resource that
does not exist (for example, an ASPX file), then
the user sees the default server error message
generated by ASP.NET for HTTP 404 errors:

• If an unhandled exception occurs in the
application, then the user sees the default
server error message generated by ASP.NET
for HTTP 500 errors:

• ASP.NET web application developers call these
the "
"(
)
• Similar to this traffic light, Users and
Developers are unaware of the risk these
errors can have

• Add error pages for 404 and 500 error codes
from within the application configuration file
(web.config)
• This instruct IIS to use the specified custom
pages for these error codes

What's hot

Web Hacking Series Part 1Aditya Kamat

XSSHrishikesh Mishra

Web Hacking series part 2Aditya Kamat

Owasp Top 10 A3: Cross Site Scripting (XSS)Michael Hendrickx

Web hacking series part 3Aditya Kamat

Automatically detecting security vulnerabilities in WordPressFresh Consulting

Dzhengis 93098 ajax - securitydzhengo44

AJAX: How to Divert ThreatsCenzic

Hack proof your ASP NET ApplicationsSarvesh Kushwaha

Sql Injection and XSSMike Crabb

SignalR Sarvesh Kushwaha

Website hacking and prevention (All Tools,Topics & Technique )Jay Nagar

Secure Code Warrior - Cross site scriptingSecure Code Warrior

Cross Site Scripting(XSS)Nabin Dutta

Pentesting RESTful webservicesMohammed A. Imran

Secure Code Warrior - Remote file inclusionSecure Code Warrior

OWASP top 10-2013tmd800

Top 10 Web Application Security Risks - Murat Lostar @ ISACA EUROCACS 2013 Lostar

Secure Web Applications Ver0.01Vasan Ramadoss

SQL injection basicsBlueinfy Solutions

What's hot (20)

Web Hacking Series Part 1

XSS

Web Hacking series part 2

Owasp Top 10 A3: Cross Site Scripting (XSS)

Web hacking series part 3

Automatically detecting security vulnerabilities in WordPress

Dzhengis 93098 ajax - security

AJAX: How to Divert Threats

Hack proof your ASP NET Applications

Sql Injection and XSS

SignalR

Website hacking and prevention (All Tools,Topics & Technique )

Secure Code Warrior - Cross site scripting

Cross Site Scripting(XSS)

Pentesting RESTful webservices

Secure Code Warrior - Remote file inclusion

OWASP top 10-2013

Top 10 Web Application Security Risks - Murat Lostar @ ISACA EUROCACS 2013

Secure Web Applications Ver0.01

SQL injection basics

Viewers also liked

Cross Domain Hijacking - File Upload VulnerabilityRonan Dunne, CEH, SSCP

B wapp – bee bug – installationRonan Dunne, CEH, SSCP

Content security policyRonan Dunne, CEH, SSCP

Qr codesRonan Dunne, CEH, SSCP

Apache Multiview VulnerabilityRonan Dunne, CEH, SSCP

Blind xssRonan Dunne, CEH, SSCP

Kauppatieteilijöiden työttömyys 30.9.2017Suomen Ekonomit

Click jackingRonan Dunne, CEH, SSCP

Viewers also liked (8)

Cross Domain Hijacking - File Upload Vulnerability

B wapp – bee bug – installation

Content security policy

Qr codes

Apache Multiview Vulnerability

Blind xss

Kauppatieteilijöiden työttömyys 30.9.2017

Click jacking

Similar to Error codes & custom 404s

Make your Azure PaaS Deployment More SafeThuan Ng

CodeigniterJoram Salinas

Securing the Apache web serverwebhostingguy

How to Harden the Security of Your .NET WebsiteDNN

Web Application Security 101Jannis Kirschner

Web SecurityChatree Kunjai

香港六合彩taoyan

هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...M Mehdi Ahmadian

Security testingTabăra de Testare

Conectarea sgdb acces la un server oraclepamiproject

Data mining tools for excel and sql serverSayed Ahmed

Php reports sumitSumit Biswas

apidays New York 2023 - Putting yourself out there - how to secure your publi...apidays

Vulnerabilities on Various Data Processing LevelsPositive Hack Days

Web hackingtools cf-summit2014ColdFusionConference

CNIT 123 Ch 10: Hacking Web ServersSam Bowne

php databse handlingkunj desai

Hacking oracle using metasploitAlberto García Illera

Hacking Oracle Web Applications With MetasploitChris Gates

Similar to Error codes & custom 404s (20)

Make your Azure PaaS Deployment More Safe

Codeigniter

Securing the Apache web server

How to Harden the Security of Your .NET Website

Web Application Security 101

Web Security

香港六合彩

هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...

Security testing

Conectarea sgdb acces la un server oracle

Data mining tools for excel and sql server

Php reports sumit

apidays New York 2023 - Putting yourself out there - how to secure your publi...

Vulnerabilities on Various Data Processing Levels

Web hackingtools cf-summit2014

CNIT 123 Ch 10: Hacking Web Servers

php databse handling

Hacking oracle using metasploit

Hacking Oracle Web Applications With Metasploit

Recently uploaded

2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong

GenAI Risks & Security Meetup 01052024.pdflior mazor

🐬 The future of MySQL is Postgres 🐘RTylerCroy

The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los

[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745

How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes

Finology Group – Insurtech Innovation Award 2024The Digital Insurer

Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer

How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j

presentation ICT roal in 21st century educationjfdjdjcjdnsjd

Boost PC performance: How more available memory can improve productivityPrincipled Technologies

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung

Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer

Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge

HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics

TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc

Partners Life - Insurer Innovation Award 2024The Digital Insurer

A Domino Admins Adventures (Engage 2024)Gabriella Davis

Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech

Recently uploaded (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...

GenAI Risks & Security Meetup 01052024.pdf

🐬 The future of MySQL is Postgres 🐘

The 7 Things I Know About Cyber Security After 25 Years | April 2024

[2024]Digital Global Overview Report 2024 Meltwater.pdf

How to Troubleshoot Apps for the Modern Connected Worker

Finology Group – Insurtech Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

How to Troubleshoot Apps for the Modern Connected Worker

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

presentation ICT roal in 21st century education

Boost PC performance: How more available memory can improve productivity

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Tata AIG General Insurance Company - Insurer Innovation Award 2024

Driving Behavioral Change for Information Management through Data-Driven Gree...

HTML Injection Attacks: Impact and Mitigation Strategies

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Partners Life - Insurer Innovation Award 2024

A Domino Admins Adventures (Engage 2024)

Advantages of Hiring UIUX Design Service Providers for Your Business

Error codes & custom 404s

3. • Error Codes are very common during Web Application Security tests • Often seen as a non-security issue • Easy to remediate

4. • Error Codes can unveil a lot of information regarding an Application to an attacker • This includes: – Databases – Bugs – Server Config

5. – Microsoft OLE DB Provider for ODBC Drivers (0x80004005) [MySQL][ODBC 3.51 Driver]Unknown MySQL server – Microsoft OLE DB Provider for ODBC Drivers error '80004005' [Microsoft][ODBC Access 97 ODBC driver Driver]General error Unable to open registry key 'DriverId‘ – Not Found The requested URL /page.html was not found on this server. Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7g DAV/2 PHP/5.1.2 Server at localhost Port 80

6. • If a user requests a dynamic resource that does not exist (for example, an ASPX file), then the user sees the default server error message generated by ASP.NET for HTTP 404 errors:

7. • If an unhandled exception occurs in the application, then the user sees the default server error message generated by ASP.NET for HTTP 500 errors:

8. • ASP.NET web application developers call these the " "( ) • Similar to this traffic light, Users and Developers are unaware of the risk these errors can have

9. • Add error pages for 404 and 500 error codes from within the application configuration file (web.config) • This instruct IIS to use the specified custom pages for these error codes

Error codes & custom 404s

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (8)

Similar to Error codes & custom 404s

Similar to Error codes & custom 404s (20)

Recently uploaded

Recently uploaded (20)

Error codes & custom 404s