Detect Enabled ASP.NET Debugging

Stay Up To Date
Asset Type


Need Membership


Asset Verify


API Support


Estimate Time (Second)


Detect Enabled ASP.NET Debugging Detail

Information disclosed from this page can be used to gain additional information about the target system.

ASP.NET allows remote debugging of web applications, if configured to do so. By default, debugging is subject to access control and requires platform-level authentication. If an attacker can successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure that may be valuable in formulating targeted attacks against the system.

Some Advice for Common Problems

To disable debugging, open the Web.config file for the application, and find the element within the section. Set the debug attribute to "false". Note that it is also possible to enable debugging for all applications within the Machine.config file. You should confirm that the debug attribute in the element has not been set to "true" within the Machine.config file.

Need a Full Assessment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service