Improving Web Application Security: Threats and Countermeasures

| Check | Description |
|---|---|
| | Unnecessary Web service protocols, including HTTP GET and HTTP POST, are disabled. |
| | The documentation protocol is disabled if you do not want to support the dynamic generation of WSDL. |
| | The Web service runs using a least-privileged process account (configured through the `<processModel>` element in Machine.config). Custom accounts are encrypted by using Aspnet_setreg.exe. |
| | Tracing is disabled with: `<trace enabled="false" />` |
| | Debug compilations are disabled with: `<compilation debug="false" explicit="true" defaultLanguage="vb">` |
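
The configuration items in this checklist can be checked mechanically. The script below is an added example, not part of the original guide: it audits one Web.config for the protocol, tracing and debug items, using the ASP.NET protocol names `HttpGet`, `HttpPost` and `Documentation` under `<webServices><protocols>`. The sample file is constructed, and as a simplifying assumption the script inspects only that file (it does not merge settings inherited from Machine.config) and passes an item only when it is set explicitly.

```python
import xml.etree.ElementTree as ET

# Constructed sample Web.config (not from the original page): HttpPost is
# left enabled and tracing is switched on, so two checks should fail.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <webServices>
      <protocols>
        <remove name="HttpGet" />
        <remove name="Documentation" />
      </protocols>
    </webServices>
    <trace enabled="true" />
    <compilation debug="false" explicit="true" defaultLanguage="vb" />
  </system.web>
</configuration>"""


def protocol_disabled(protocols, name):
    """True if `name` is removed (or cleared) and not re-added afterwards."""
    if protocols is None:
        return False              # assumption: no explicit <remove> means a fail
    disabled = False
    for el in protocols:          # document order matters: later entries win
        if el.tag == "clear":
            disabled = True
        elif el.get("name", "").lower() == name.lower():
            disabled = (el.tag == "remove")
    return disabled


def audit_web_config(xml_text):
    """Return {checklist item: passed?} for the settings in one config file."""
    root = ET.fromstring(xml_text)
    protocols = root.find("system.web/webServices/protocols")

    def attr_is_false(tag, attr):
        el = root.find("system.web/" + tag)
        return el is not None and el.get(attr, "").lower() == "false"

    return {
        "HttpGet disabled": protocol_disabled(protocols, "HttpGet"),
        "HttpPost disabled": protocol_disabled(protocols, "HttpPost"),
        "Documentation disabled": protocol_disabled(protocols, "Documentation"),
        "trace disabled": attr_is_false("trace", "enabled"),
        "debug compilation disabled": attr_is_false("compilation", "debug"),
    }
```

Calling `audit_web_config(SAMPLE_WEB_CONFIG)` reports the HttpPost and trace items as failed; the process-account item is not covered because it is set in Machine.config.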