Written by JCJanuary 23, 2016May 23, 2016

Deployments – Don’t deploy the wrong file to the wrong place

When deploying a website you should try to deploy the minimum amount of files required to run the site. If extra files are deployed, or deployed to the wrong place, these may leak information.

Examples include

WSDL files that are not required
DLLS deployed outside the bin directory. On some versions of IIS (out of the box) dlls outside the bin directory can be downloaded and then easily decompiled (you can control the files that can be downloaded via IIS mime types)
Read me or instructions

Basically get rid of the junk – if it does not serve a purpose remove it.

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this:

	CRSF (ASP.NET MVC):… on CSRF – Cross Site Reques…
	CRSF (ASP.NET MVC):… on CSRF – AntiForgeryToken…
	WeakBroken Authentic… on CSRF – Cross Site Reques…
	WeakBroken Authentic… on RequireSSL – Marking Coo…
	WeakBroken Authentic… on Mark Cookies as HTTPONLY

ASP.NET MVC Security

Learn about secure ASP.NET MVC sites

Deployments – Don’t deploy the wrong file to the wrong place

Leave a Reply Cancel reply

Share this:

Like this:

Related

Leave a Reply Cancel reply