Rails Debug Mode Enabled
Rails debug mode enabled misconfiguration can expose sensitive information, potentially leading to security vulnerabilities.
Security Misconfiguration (SM)
How this template works
The API selection filters in this template specify the criteria for selecting the API to be tested. In this case, the filters include the response code range (between 200 and 299) and the extraction of the URL into a variable called "urlVar".
The execute section of the template defines the type of request to be executed and provides the details of the request. In this case, it is a single request that modifies the URL by appending "/cy8Ku20LH6V6Yc0q0pJX" to the extracted URL variable.
The validation section specifies the expected response payload and defines the conditions that need to be met for the validation to pass. In this template, the response payload is expected to contain the strings "Rails.root:" and "Trace". If both strings are present in the response, the validation will pass.
Frequently asked questions
What is the impact of enabling Rails debug mode in a production environment
How can the Rails Debug Mode Enabled misconfiguration be classified in terms of security
What are the potential risks associated with the Rails Debug Mode Enabled misconfiguration
How can the Rails Debug Mode Enabled misconfiguration be mitigated
Which category and subcategory does the Rails Debug Mode Enabled misconfiguration belong to
Are there any references or resources available for further information on the Rails Debug Mode Enabled misconfiguration