Ideas for Improving ASP and ASP.NET Web Application Security

Print Add To Favorites Email To Friend Rate This Article
Ideas for Improving ASP and ASP.NET Web Application Security - Part 2

page 6 of 11

by Brett Burridge
Feedback

Average Rating: This article has not yet been rated.
Views (Total / Last 10 Days): 38108/ 72

Article Contents:

Switch Directory browsing off

Again, this is basic advice, but it is essential to ensure that the directory browsing setting within IIS is set to off. If directory browsing is on, it means that a user will automatically see the contents of a folder that does not contain a default document (i.e. default.htm or default.asp on most IIS servers).

This is especially hazardous if you have confidential information on your website or the website earns its revenue from selling content that is downloaded from the website itself, such as documents or software download files.

Needless to say, you should also ensure that IIS is also configured to enable default documents. Switching the directory browsing off and enabling default documents should be done at the website level, so that any new sub-folders created on the website inherit the settings.

« (Page 5)

View Entire Article

(Page 7) »

User Comments

No comments posted yet.

Product Spotlight