Improvement #10 - ELMAH Security Validator

This is the tenth and final post in the series 10 improvements in 10 days. Yesterday we gave away a 15 % discount on MyGet. Today we wanted to end this series with a big bang.

One of the nice features in ELMAH is also one of the more dangerous. As default, access to your ELMAH logs (/elmah.axd) is available from localhost only. But using a small config change, you can actually browse your errors logs on a deployed website. Troy Hunt already proved why open ELMAH logs are very dangerous and can be easily exploited by hackers. To help you secure your ELMAH logs, we introduce the ELMAH Security Validator.

The ELMAH Security Validator lets you input your URL and seconds later you will be presented with the result of the scan:

ELMAH Security Validator

The tool is available at https://elmah.io/tools/validator.

We'll do a follow up on all of the improvements next week. So for now, have a great weekend.



Features steps
We monitor your websites

We monitor your websites

We monitor your websites for crashes and availability. This helps you get an overview of the quality of your applications and to spot trends in your releases.

We notify you

We notify you

We notify you when errors starts happening using Slack, HipChat, mail or other forms of communication to help you react to errors before your users do.

We help you fix bugs

We help you fix bugs

We help you fix bugs quickly by combining error diagnostic information with innovative quick fixes and answers from Stack Overflow and social media.

See how we can help you monitor your website for crashes Monitor your website