Information Leakage-Error Messages | Techbirds

Posted on: September 16, 2014 /

Categories: General / Author Name: Piyush Jain

Information Leakage Through Error Messages The application reveals information about how data validation is being performed, required data formats, or other information an attacker can use to construct malicious payloads to insert into requests.

To Ensure it, Replace all error messages with error codes if possible. If error messages must be displayed in order to enable a user to correct a problem, the messages should only contain the absolute minimum information necessary for the user to identify and correct the problem.

An example from the Microsoft site – We’re sorry, but there is no Web page that matches your entry. It is possible you typed the address incorrectly, or the page may no longer exist.

To achieve this we can add error document for each type of error (e.g. 500 – Internal Server Error, 403 – Forbidden Error and so on).

Linchpin Technologies Pvt Ltd, a mobile app development company India , is globally recognized as enterprise app development company

1,180 total views, 1 views today

Share this On Tags: htaccess, PHP, Security, Web Development