<span id="7ztzv"></span>

<sub id="7ztzv"></sub>

<span id="7ztzv"></span><form id="7ztzv"></form>

<span id="7ztzv"></span>

<address id="7ztzv"></address>

Errors

Errors and error handling represent a class of API. Errors related to error handling are so common that they deserve a special kingdom of their own. As with "API Abuse," there are two ways to introduce an error-related security vulnerability: the most common one is handling errors poorly (or not at all). The second is producing errors that either give out too much information (to possible attackers) or are difficult to handle.

Contents

ColdFusion

• Poor Error Handling: Unhandled Exception

COBOL

• Poor Condition Handling: Ignored Condition

C#/VB.NET/ASP.NET

• Poor Error Handling: Empty Catch Block
• Poor Error Handling: Overly Broad Catch
• Poor Error Handling: Program Catches NullReferenceException

Java/JSP

• Poor Error Handling: Empty Catch Block
• Poor Error Handling: Overly Broad Catch
• Poor Error Handling: Overly Broad Throws
• Poor Error Handling: Program Catches NullPointerException
• Poor Error Handling: Return Inside Finally
• Poor Error Handling: Swallowed ThreadDeath
• Poor Error Handling: Throw Inside Finally
• Poor Error Handling: Unhandled SSL Exception

PLSQL/TSQL

• Poor Error Handling: Empty Default Exception Handler

Copyright 2013 Fortify Software - All rights reserved.
(Generated from version 2013.1.1.0008 of the Fortify Secure Coding Rulepacks)

<span id="7ztzv"></span>

<sub id="7ztzv"></sub>

<span id="7ztzv"></span><form id="7ztzv"></form>

<span id="7ztzv"></span>

<address id="7ztzv"></address>