Actually, whoever is developing the site is a noob. The asp.net environment should be configured so that it shows friendly error messages only to anyone externally, the stack trace information and so on could easily be caught and emailed to an administrator or logged appropriately with people being notified. This is **** they teach you in the asp.net 101 type of class.

The configuration should be handled via web.config in the web root. The stack trace handling is easy enough to do via maybe 10 lines of code in the global.asax file.

These guys are failing basic web app security and should probably be pointed at owasp.org and msdn.com .

Their inability to do basic error handling and graceful failure is just letting people get their foot in the door and collect info about their web app.