diff --git a/http/misconfiguration/microsoft/aspnetcore-dev-env.yaml b/http/misconfiguration/microsoft/aspnetcore-dev-env.yaml
new file mode 100644
index 0000000000..e05dd437f0
--- /dev/null
+++ b/http/misconfiguration/microsoft/aspnetcore-dev-env.yaml
@@ -0,0 +1,40 @@
+id: aspnetcore-dev-env
+
+info:
+ name: ASP.NET Core Development Environment - Exposure
+ author: Mys7ic
+ severity: info
+ description: |
+ The ASP.NET Core application is running in Development mode, which could exposes detailed error messages and stack traces on the '/Error' page.
+ impact: |
+ Exposing detailed error messages and stack traces can reveal sensitive information such as server configurations, file paths, source code snippets, and other debug information. Attackers can use this information to identify vulnerabilities and compromise the application or underlying systems.
+ remediation: |
+ Set the 'ASPNETCORE_ENVIRONMENT' environment variable to 'Production' and ensure that detailed error messages are not exposed to end-users.
+ reference:
+ - https://docs.microsoft.com/en-us/aspnet/core/fundamentals/environments
+ metadata:
+ max-request: 1
+ vendor: microsoft
+ product: asp.net-core
+ shodan-query: html:"ASPNETCORE_ENVIRONMENT"
+ verified: true
+ tags: misconfig,aspnetcore,exposure
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/Error"
+
+ matchers-condition: or
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "ASPNETCORE_ENVIRONMENT environment variable to Development"
+
+ - type: word
+ part: body
+ words:
+ - "ASPNETCORE_ENVIRONMENT"
+ - ""
+ condition: and