Please advice on below issues that we are facing to clear security penetration in one of our implementations.
WSDL information publicly available (sites/pwa/_vti_bin/spsdisco.aspx), Is there any way to hide this information and why at first it is visible if it is considered a security threat.
ViewState without MAC signature
/_vti_bin/_vti_admin/admin.dll directory listing information showing at some end points
WebParts Error handling, if web part fails to render can we change the default message to something like please contact administrator, instead of default message that if you have permission to enter web part maintenance page kindly do this and that ...
/_vti_pvt/service.cnf how can we block access to this service page