PCI Compliance is an asshole misleading compliance created by some capitalist junkies to say you are secure!!! ... In my opinion it's full of shit, but yeah, everyone gotta comply with it to assure our shareholders or investors that we are secure for digital business, although http://www.technewsworld.com/story/64926.html says otherwise.
Having said that, one of the PCI-C requirements is to disable debug mode on the web server. IIS/ASP doesn't turn on DEBUG mode by default. But you know developers :)
To test for the DEBUG verb in IIS/ASP you can run a command like this with curl:
curl -H "Command: stop-debug" -X DEBUG http://index/foo.asp # can be foo.asp or foo.aspx
If it returns:
OK
then DEBUG is enabled and needs to be turned off.
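An added example (not from the original post): the same curl test wrapped in a small shell script so you can audit a list of your own pages in one go. The function names, the result labels and the urls.txt file name are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit your own ASP/ASP.NET pages for the DEBUG verb.

# Classify one response. $1 = HTTP status code, $2 = response body.
# Per the post, a reply of "OK" means DEBUG is enabled. Anything else is
# reported as not confirmed (assumption: no other reply proves debugging is on).
classify_debug_response() {
    status=$1
    # Strip CR and surrounding whitespace so "OK\r\n" still matches.
    body=$(printf '%s' "$2" | tr -d '\r' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    if [ "$status" = "200" ] && [ "$body" = "OK" ]; then
        echo "DEBUG-ENABLED"
    elif [ "$status" = "000" ]; then
        # curl reports 000 when it got no HTTP response at all.
        echo "UNREACHABLE"
    else
        echo "NOT-CONFIRMED"
    fi
}

# Send the same request as the curl one-liner above and print one result line.
check_debug_verb() {
    url=$1
    # -w appends the status code on its own last line, after the body.
    out=$(curl -s -m 10 -H "Command: stop-debug" -X DEBUG \
        -w '\n%{http_code}' "$url") || true
    status=$(printf '%s\n' "$out" | tail -n 1)
    body=$(printf '%s\n' "$out" | sed '$d')
    printf '%s\t%s\t%s\n' "$url" "$status" \
        "$(classify_debug_response "$status" "$body")"
}

# Usage: sh check_debug.sh urls.txt   (one URL per line, hypothetical file name)
if [ "$#" -gt 0 ]; then
    while IFS= read -r url; do
        if [ -n "$url" ]; then
            check_debug_verb "$url"
        fi
    done < "$1"
fi
```

Every line marked DEBUG-ENABLED is a page whose application still needs debug turned off.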
How to disable DEBUG: http://support.microsoft.com/kb/815157