Preventing Information Leakage

Disclosing system information helps an adversary learn about your site and form a plan of attack. Try to reveal as little about your technology stack and architecture as possible, beyond what is essential for your users to know.

Risks

Prevalence
Common
Rating prevelance on Rating prevelance on Rating prevelance on
Exploitability
Easy
Rating exploitability on Rating exploitability on Rating exploitability on
Impact
Worrying
Rating impact on Rating impact on Rating impact on

Revealing system information makes life easier for an attacker, and gives them a playbook of vulnerabilities they can probe for. It may not be feasible to completely obscure your technology stack, but some simple steps can go 90% of the way to discouraging most attackers. Be extra sure to scrub any debug or error information that might reveal what is going on behind the scenes – this is typically where an attacker will try to find vulnerabilities first.

When a zero-day vulnerability is discovered, hackers will immediately try to find a way to exploit it. If your site leaks information about the technology you use, you could well become subject to automated attacks.