OWASP Code Review Guide: Error Handling

- Carefully test and verify error handling code.
- Ensure that exceptions are logged in a way that gives enough information for support, QA, forensics or incident response teams to understand the problem.
- Ensure that error messages displayed to users do not leak critical data, but are still verbose enough to enable the proper user response.
- Ensure that all unexpected behavior is correctly handled inside the application.
- Manage exceptions in a centralized manner to avoid duplicated try/catch blocks in the code.

Other error handling problems could lead to increased usage of CPU or disk in ways that could degrade the system.

This is usually a fairly easy vulnerability for attackers to exploit.
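A centralized handler that applies the checklist above, as an added example that is not taken from the OWASP guide: one choke point logs full detail under an incident reference and returns only a safe message to the user. The names `dispatch`, `UserError`, `transfer` and `lookup_account` are hypothetical, and the handlers and their error text are constructed for the demonstration.

```python
import logging
import uuid

log = logging.getLogger("app.errors")


class UserError(Exception):
    """Expected failure whose message was written to be shown to the user."""

    def __init__(self, public_message, status=400):
        super().__init__(public_message)
        self.public_message = public_message
        self.status = status


def dispatch(handler, request):
    """Single choke point: run a handler, map any exception to a safe response."""
    try:
        return 200, handler(request)
    except UserError as exc:
        # Expected: tell the user what to fix, log at low severity.
        log.info("rejected request: %s", exc.public_message)
        return exc.status, {"error": exc.public_message}
    except Exception:
        # Unexpected: the stack trace goes to the log only, keyed by an
        # incident id the user can quote to support.
        incident = uuid.uuid4().hex
        log.exception("unhandled error incident=%s handler=%s",
                      incident, handler.__name__)
        return 500, {"error": "Internal error. Contact support with this reference.",
                     "incident": incident}


# Constructed handlers for the demonstration (hypothetical names).
def transfer(request):
    if request.get("amount", 0) <= 0:
        raise UserError("Amount must be greater than zero.")
    return {"transferred": request["amount"]}


def lookup_account(request):
    # Simulates a backend failure whose message contains internal details.
    raise RuntimeError("connect to db01.internal:5432 failed for user svc_bank")


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    for h, req in [(transfer, {"amount": 5}), (transfer, {"amount": -1}),
                   (lookup_account, {"id": 7})]:
        print(dispatch(h, req))
```

The incident id is the link between the two audiences: the user sees only the reference, while the log entry under that reference carries the exception type, message and traceback.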