Disable debugging events
Summary
The organization must disable debugging events in production.
Description
Debugging features are essential during the development phase to identify and fix issues in the code. However, these debugging tools and events should not be active or accessible in a production environment, where the software is functioning and serving users. In production, the primary focus is on stability, security, and performance.
References
- CAPEC-113. Interface manipulation
- CAPEC-116. Excavation
- CWE-210. Self-generated error message containing sensitive information
- CWE-497. Exposure of sensitive system information to an unauthorized control sphere
- CWE-1269. Product released in non-release configuration
- OWASP10-A5. Security misconfiguration
- CERTJ-ENV06-J. Production code must not contain debugging entry points
- PADSS-5_2_5. Improper error handling
- FEDRAMP-CA-7. Continuous monitoring
- OWASPSCP-7. Error handling and logging
- ASVS-14_3_2. Unintended security disclosure
- CWE-11. Creating debug binary
- CASA-14_3_2. Unintended Security Disclosure
Supported In
This requirement is verified in the following services:
- Essential Plan
- Advanced Plan