Disclosing system information helps an adversary learn about your site
and form a plan of attack. Try to reveal as little about your
technology stack and architecture as possible, beyond what is essential
for your users to know.
Revealing system information makes life easier for an attacker, and gives
them a playbook of vulnerabilities they can probe for. It may not be
feasible to completely obscure your technology stack, but some simple
steps can go 90% of the way to discouraging most attackers. Be extra sure
to scrub any debug or error information that might reveal what is going
on behind the scenes – this is typically where an attacker will try
to find vulnerabilities first.
When a zero-day vulnerability is discovered,
hackers will immediately try to find a way to exploit it. If your site leaks
information about the technology you use, you could well become subject to