PCI Compliance Scans for Windows-based Accounts
If you or your client are required to ensure that your website and web space meet PCI compliance standards, this article explains issues that can arise in our Windows-based environment and how they relate to any PCI compliance scans you may need to perform. Users commonly run into a number of issues when first performing such scans. Below are the basic reasons for these errors and how they can be resolved.
ASP.NET Web Server Information Disclosure
The most common issue is that, by default, detailed errors for ASP.NET applications are visible to the web.
Unless you or your client's developer needs to see these error details for development reasons, you can enable custom error pages to override that setting. This is done using a web.config file in the root of your site space. A quick example of one such web.config file is provided below. Place the following content into a text file, rename it web.config and post it to your site space; this will redirect any ASP.NET error pages to your root index.html file.
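<configuration>
  <system.web>
    <!-- Serve custom error pages instead of detailed ASP.NET errors; errors redirect to index.html -->
    <customErrors defaultRedirect="index.html" mode="On">
    </customErrors>
  </system.web>
</configuration>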
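To check a web.config before uploading it, the following added example (not part of the original article or the host's tooling) parses the file and reports whether customErrors hides error details. The function name `audit_custom_errors` and the sample inputs are constructed for illustration. It assumes the setting sits directly under `<system.web>` and treats both `On` and `RemoteOnly` as hiding details from remote visitors.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs for illustration; not taken from any real site.
HARDENED = """<configuration>
  <system.web>
    <customErrors defaultRedirect="index.html" mode="On" />
  </system.web>
</configuration>"""
DETAILED = """<configuration>
  <system.web>
    <customErrors mode="Off" />
  </system.web>
</configuration>"""
NO_SETTING = "<configuration><system.web /></configuration>"

# "On" hides error details from everyone; "RemoteOnly" hides them from
# remote visitors only. Values are matched exactly as ASP.NET spells them.
SAFE_MODES = {"On", "RemoteOnly"}


def audit_custom_errors(web_config_xml):
    """Return (ok, message) for the customErrors setting in a web.config string."""
    try:
        root = ET.fromstring(web_config_xml)
    except ET.ParseError as exc:
        return False, f"not well-formed XML: {exc}"
    if root.tag != "configuration":
        return False, f"root element is <{root.tag}>, expected <configuration>"
    system_web = root.find("system.web")
    node = system_web.find("customErrors") if system_web is not None else None
    if node is None:
        return False, "no <customErrors> element, so the server default applies"
    mode = node.get("mode")
    if mode not in SAFE_MODES:
        return False, f"customErrors mode is {mode!r}; detailed errors may be shown"
    redirect = node.get("defaultRedirect")
    if not redirect:
        return True, f"mode={mode}, no defaultRedirect (generic error page is used)"
    return True, f"mode={mode}, errors redirect to {redirect}"


if __name__ == "__main__":
    for name, xml in [("hardened", HARDENED), ("detailed", DETAILED),
                      ("no setting", NO_SETTING), ("broken", "<configuration>")]:
        ok, message = audit_custom_errors(xml)
        print(f"{'PASS' if ok else 'FAIL'}  {name}: {message}")
```

To audit a real file, read it into a string and pass it to `audit_custom_errors`.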