Improving Web Application Security: Threats and Countermeasures

Configuration files are locked down and secured for both the client and the server.

Generic error messages are sent to the client by setting the mode attribute of the <customErrors> element to "On".