

67% of ASP.NET websites have serious config related security vulnerabilities - troyhunt
http://www.troyhunt.com/2012/04/67-of-aspnet-websites-have-serious.html

======
stevear
This would be a symptom of developers also being the sysadmins.

On another note, Microsoft typically has good documentation but I feel that
they need a very simple 5 page 'Owners Guide' for some products that goes over
the most important topics in a simple manner. We can't assume that only
experts will use said products so at least provide a dead simple 'This is how
to not screw yourself' guide.

The custom errors issue the article talks about is an insanely basic
configuration error that is NOT the default. Someone started tinkering with a
setting without realizing it's full extent.

