Exception Management

From Guidance Share

Description

Exceptions that are allowed to propagate to the client can reveal internal implementation details that make no sense to the end user but are useful to attackers. Applications that do not use exception handling or implement it poorly are also subject to denial of service attacks.
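
The contrast described above, as an added example that is not part of the original page: one request handler returns the exception text to the client, the other logs it server-side and returns a generic message with an incident ID. The handler names, the connection string and the sample data are constructed for illustration.

```python
import logging
import traceback
import uuid

log = logging.getLogger("app.errors")

# Constructed sample data: the DSN and the order table are hypothetical.
DB_DSN = "postgres://svc_orders@db-internal.example:5432/orders"
ORDERS = {"1001": "2 x widget"}


def lookup_order(order_id):
    """Business logic that raises on input it does not expect."""
    if not order_id.isdigit():
        raise ValueError(f"bad id {order_id!r} in query against {DB_DSN}")
    return ORDERS[order_id]  # KeyError when the order does not exist


def handle_leaky(order_id):
    """Weak: exception text and stack trace are returned to the client."""
    try:
        return 200, lookup_order(order_id)
    except Exception:
        return 500, traceback.format_exc()


def handle_hardened(order_id):
    """Hardened: details stay in the server log; the client gets a generic
    message and an incident ID that operators can match to the log entry."""
    try:
        return 200, lookup_order(order_id)
    except KeyError:
        # Anticipated failure: a specific response that reveals nothing internal.
        return 404, "Order not found."
    except Exception:
        # Anything else, including wrong input types, is logged with its full
        # trace and answered generically, so the worker keeps serving requests.
        incident = uuid.uuid4().hex[:12]
        log.exception("unhandled error incident=%s", incident)
        return 500, f"An internal error occurred. Reference: {incident}"


if __name__ == "__main__":
    for handler in (handle_leaky, handle_hardened):
        print(handler.__name__, handler("abc"))
```
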


Vulnerabilities

  • Revealing sensitive data
  • Lack of exception handling


Attacks

  • Attacker Reveals Implementation Details
  • Denial of Service


Countermeasures

Countermeasures to prevent Exception Management issues include:
