| Reference Number: AA-00687 Created: 2012-09-20 17:32 Last Updated: 2012-10-05 06:33
0 Rating/ Voters
PCI Compliance Scans for Windows-based Accounts
If you or your client are required to ensure your website and
webspace meet the standards of PCI Compliance, this article will explain
various issues that can arise in our particular Windows based
environment and how they relate to any PCI compliance scans you may need
to perform. There are a number of common issues users run into when
first performing such scans. Below are the basic reasons for these
errors and how they can be resolved.
ASP.NET Web Server Information Disclosure
The most common issue incurred is that detailed errors are visible to the web for asp.net applications by default.
Unless you or your clients developer needs to see these error
details for development reasons, you can enable custom error pages to
over-ride that setting. This is done using a web.config file in the root
of your site space. A quick example of one such web.config file is
provided below. Placing the following content into a text file, renaming
it web.config and posting this to your site space will do the trick and
will redirect any asp.net error pages to your root index.html file.
<customErrors defaultRedirect="index.html" mode="On">