Error codes & custom 404s

•Download as PPTX, PDF•

0 likes•4,483 views

Ronan Dunne, CEH, SSCP

Technology

• Error Codes are very common during Web
Application Security tests
• Often seen as a non-security issue
• Easy to remediate

• Error Codes can unveil a lot of information
regarding an Application to an attacker
• This includes:
– Databases
– Bugs
– Server Config

– Microsoft OLE DB Provider for ODBC Drivers (0x80004005)
[MySQL][ODBC 3.51 Driver]Unknown MySQL server

– Microsoft OLE DB Provider for ODBC Drivers error
'80004005' [Microsoft][ODBC Access 97 ODBC driver
Driver]General error Unable to open registry key 'DriverId‘

– Not Found The requested URL /page.html was not found
on this server. Apache/2.2.3 (Unix) mod_ssl/2.2.3
OpenSSL/0.9.7g DAV/2 PHP/5.1.2 Server at localhost Port
80

• If a user requests a dynamic resource that
does not exist (for example, an ASPX file), then
the user sees the default server error message
generated by ASP.NET for HTTP 404 errors:

• If an unhandled exception occurs in the
application, then the user sees the default
server error message generated by ASP.NET
for HTTP 500 errors:

• ASP.NET web application developers call these
the "
"(
)
• Similar to this traffic light, Users and
Developers are unaware of the risk these
errors can have

• Add error pages for 404 and 500 error codes
from within the application configuration file
(web.config)
• This instruct IIS to use the specified custom
pages for these error codes

What's hot

Web Hacking Series Part 1Aditya Kamat

XSSHrishikesh Mishra

Web Hacking series part 2Aditya Kamat

Owasp Top 10 A3: Cross Site Scripting (XSS)Michael Hendrickx

Web hacking series part 3Aditya Kamat

Automatically detecting security vulnerabilities in WordPressFresh Consulting

Dzhengis 93098 ajax - securitydzhengo44

AJAX: How to Divert ThreatsCenzic

Hack proof your ASP NET ApplicationsSarvesh Kushwaha

Sql Injection and XSSMike Crabb

SignalR Sarvesh Kushwaha

Website hacking and prevention (All Tools,Topics & Technique )Jay Nagar

Secure Code Warrior - Cross site scriptingSecure Code Warrior

Cross Site Scripting(XSS)Nabin Dutta

Pentesting RESTful webservicesMohammed A. Imran

Secure Code Warrior - Remote file inclusionSecure Code Warrior

OWASP top 10-2013tmd800

Top 10 Web Application Security Risks - Murat Lostar @ ISACA EUROCACS 2013 Lostar

Secure Web Applications Ver0.01Vasan Ramadoss

SQL injection basicsBlueinfy Solutions

What's hot (20)

Web Hacking Series Part 1

XSS

Web Hacking series part 2

Owasp Top 10 A3: Cross Site Scripting (XSS)

Web hacking series part 3

Automatically detecting security vulnerabilities in WordPress

Dzhengis 93098 ajax - security

AJAX: How to Divert Threats

Hack proof your ASP NET Applications

Sql Injection and XSS

SignalR

Website hacking and prevention (All Tools,Topics & Technique )

Secure Code Warrior - Cross site scripting

Cross Site Scripting(XSS)

Pentesting RESTful webservices

Secure Code Warrior - Remote file inclusion

OWASP top 10-2013

Top 10 Web Application Security Risks - Murat Lostar @ ISACA EUROCACS 2013

Secure Web Applications Ver0.01

SQL injection basics

Viewers also liked

Cross Domain Hijacking - File Upload VulnerabilityRonan Dunne, CEH, SSCP

B wapp – bee bug – installationRonan Dunne, CEH, SSCP

Content security policyRonan Dunne, CEH, SSCP

Qr codesRonan Dunne, CEH, SSCP

Apache Multiview VulnerabilityRonan Dunne, CEH, SSCP

Blind xssRonan Dunne, CEH, SSCP

Kauppatieteilijöiden työttömyys 30.9.2017Suomen Ekonomit

Click jackingRonan Dunne, CEH, SSCP

Viewers also liked (8)

Cross Domain Hijacking - File Upload Vulnerability

B wapp – bee bug – installation

Content security policy

Qr codes

Apache Multiview Vulnerability

Blind xss

Kauppatieteilijöiden työttömyys 30.9.2017

Click jacking

Similar to Error codes & custom 404s

Make your Azure PaaS Deployment More SafeThuan Ng

CodeigniterJoram Salinas

Securing the Apache web serverwebhostingguy

How to Harden the Security of Your .NET WebsiteDNN

Web Application Security 101Jannis Kirschner

Web SecurityChatree Kunjai

香港六合彩taoyan

هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...M Mehdi Ahmadian

Security testingTabăra de Testare

Conectarea sgdb acces la un server oraclepamiproject

Data mining tools for excel and sql serverSayed Ahmed

Php reports sumitSumit Biswas

apidays New York 2023 - Putting yourself out there - how to secure your publi...apidays

Vulnerabilities on Various Data Processing LevelsPositive Hack Days

Web hackingtools cf-summit2014ColdFusionConference

CNIT 123 Ch 10: Hacking Web ServersSam Bowne

php databse handlingkunj desai

Hacking oracle using metasploitAlberto García Illera

Hacking Oracle Web Applications With MetasploitChris Gates

Similar to Error codes & custom 404s (20)

Make your Azure PaaS Deployment More Safe

Codeigniter

Securing the Apache web server

How to Harden the Security of Your .NET Website

Web Application Security 101

Web Security

香港六合彩

هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...

Security testing

Conectarea sgdb acces la un server oracle

Data mining tools for excel and sql server

Php reports sumit

apidays New York 2023 - Putting yourself out there - how to secure your publi...

Vulnerabilities on Various Data Processing Levels

Web hackingtools cf-summit2014

CNIT 123 Ch 10: Hacking Web Servers

php databse handling

Hacking oracle using metasploit

Hacking Oracle Web Applications With Metasploit

Recently uploaded

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55

Understanding the Laravel MVC ArchitecturePixlogix Infotech

My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j

08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls

A Domino Admins Adventures (Engage 2024)Gabriella Davis

Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC

SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren

Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun

Scaling API-first – The story of a global engineering organizationRadu Cotescu

Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung

Google AI Hackathon: LLM based Evaluator for RAGSujit Pal

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited

08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls

[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada

Recently uploaded (20)

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...

Understanding the Laravel MVC Architecture

My Hashitalk Indonesia April 2024 Presentation

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...

08448380779 Call Girls In Friends Colony Women Seeking Men

A Domino Admins Adventures (Engage 2024)

Breaking the Kubernetes Kill Chain: Host Path Mount

SQL Database Design For Developers at php[tek] 2024

Data Cloud, More than a CDP by Matt Robison

Scaling API-first – The story of a global engineering organization

Handwritten Text Recognition for manuscripts and early printed texts

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Google AI Hackathon: LLM based Evaluator for RAG

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365

08448380779 Call Girls In Civil Lines Women Seeking Men

[2024]Digital Global Overview Report 2024 Meltwater.pdf

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024

Error codes & custom 404s

3. • Error Codes are very common during Web Application Security tests • Often seen as a non-security issue • Easy to remediate

4. • Error Codes can unveil a lot of information regarding an Application to an attacker • This includes: – Databases – Bugs – Server Config

5. – Microsoft OLE DB Provider for ODBC Drivers (0x80004005) [MySQL][ODBC 3.51 Driver]Unknown MySQL server – Microsoft OLE DB Provider for ODBC Drivers error '80004005' [Microsoft][ODBC Access 97 ODBC driver Driver]General error Unable to open registry key 'DriverId‘ – Not Found The requested URL /page.html was not found on this server. Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7g DAV/2 PHP/5.1.2 Server at localhost Port 80

6. • If a user requests a dynamic resource that does not exist (for example, an ASPX file), then the user sees the default server error message generated by ASP.NET for HTTP 404 errors:

7. • If an unhandled exception occurs in the application, then the user sees the default server error message generated by ASP.NET for HTTP 500 errors:

8. • ASP.NET web application developers call these the " "( ) • Similar to this traffic light, Users and Developers are unaware of the risk these errors can have

9. • Add error pages for 404 and 500 error codes from within the application configuration file (web.config) • This instruct IIS to use the specified custom pages for these error codes

Error codes & custom 404s

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (8)

Similar to Error codes & custom 404s

Similar to Error codes & custom 404s (20)

Recently uploaded

Recently uploaded (20)

Error codes & custom 404s