PCI DSS 6.5.6
Posted: January 20th, 2010 | Filed under: IIS & HTTP, Web Security Tools | Tags: error handling, pci, servermask

Information Leakage and Improper Error Handling
Information leakage and improper error handling occur when web applications do not limit the amount of information they return to their users. Web applications can leak the version of the web server you are running (IIS, Apache, etc.), the operating system, patch levels, and the names and versions of the web applications (PHP, SSL, SQL) your site may be using. This alone is a significant security weakness, and so is displaying detailed error messages or debug code.
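As an added example (not part of the original post), the Python function below audits a raw HTTP response for the two kinds of leakage described above: product and version banners in headers, and detailed error or debug output in the body. The header list, the body patterns and both sample responses are constructed assumptions.

```python
import re

# Assumed audit list: response headers that commonly carry product/version banners.
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")
VERSION_RE = re.compile(r"\d+(\.\d+)+")
# Assumed patterns for detailed error or debug output in the response body.
BODY_PATTERNS = {
    "stack trace": re.compile(r"Stack Trace:|Traceback \(most recent call last\)", re.I),
    "source path and line": re.compile(r"(?:[a-z]:\\|/)[\w\\/.-]+\.\w+:line \d+| on line \d+", re.I),
    "database error text": re.compile(r"SQL syntax|ODBC|ORA-\d{5}", re.I),
}

def find_leaks(raw_response):
    """Return (kind, evidence) findings for one raw HTTP response."""
    head, _, body = raw_response.replace("\r\n", "\n").partition("\n\n")
    findings = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name in BANNER_HEADERS:
            kind = "version banner" if VERSION_RE.search(value) else "product banner"
            findings.append((kind, f"{name}: {value}"))
    for kind, pattern in BODY_PATTERNS.items():
        match = pattern.search(body)
        if match:
            findings.append((kind, match.group(0)))
    return findings

# Constructed sample: verbose defaults plus a detailed error page.
LEAKY = r"""HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Content-Type: text/html

<html><body><h1>Server Error in '/' Application.</h1>
<b>Stack Trace:</b> at Shop.Cart.Load() in c:\inetpub\shop\Cart.cs:line 42
</body></html>"""

# Constructed sample: banners removed, generic error page with a lookup reference.
HARDENED = """HTTP/1.1 500 Internal Server Error
Content-Type: text/html

<html><body>An error occurred. Reference: 7f3a</body></html>"""

if __name__ == "__main__":
    for label, response in (("leaky", LEAKY), ("hardened", HARDENED)):
        print(label, find_leaks(response))
```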
