Skip to content

Security Test: Debug mode

Description

Default Severity:

When Debug mode is left enabled, it accidentally gives attackers detailed error information that can reveal the inner workings of your application. This information, which includes full stack traces or detailed error messages, can help an attacker understand how your system is built and find weaknesses to exploit. Developers might forget to disable it in production, exposing sensitive internal details that could lead to further attacks, such as data leaks or even a full system compromise. The risk is high because what seems like a small oversight can provide a full roadmap to the vulnerabilities in your code.

Reference:

Configuration

Identifier: information_disclosure/debug_mode

Examples

All configuration available:

checks:
  information_disclosure/debug_mode:
    skip: false # default

Compliance and Standards

Standard Value
OWASP API Top 10 API7:2023
OWASP LLM Top 10 LLM06:2023
PCI DSS 6.5.5
GDPR Article-32
SOC2 CC6
PSD2 Article-95
ISO 27001 A.14.2
NIST SP800-53
FedRAMP AC-6
CWE 215
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
CVSS Score 5.1