ASP.NET enables you to specify configuration settings that affect all Web applications on a server, only a single application, individual pages, or individual folders in a Web application. You can configure features such as compiler options, debugging, user authentication, error-message display, connection strings, and more. Configuration data is stored in XML files that are named Web.config.
You can read more about the different kinds of configuration settings in Web.config files at https://msdn.microsoft.com/en-us/library/ff400235.aspx.
In this section, we will walk you through the rules in the PUMA scan analyzers that catch security vulnerabilities in the web configuration of an ASP.NET Web Forms project.