Information Leakage-Error Messages

Information Leakage Through Error Messages The application reveals information about how data validation is being performed, required data formats, or other information an attacker can use to construct malicious payloads to insert into requests.

To Ensure it, Replace all error messages with error codes if possible. If error messages must be displayed in order to enable a user to correct a problem, the messages should only contain the absolute minimum information necessary for the user to identify and correct the problem.

An example from the Microsoft site – We’re sorry, but there is no Web page that matches your entry. It is possible you typed the address incorrectly, or the page may no longer exist.

To achieve this we can add error document for each type of error (e.g. 500 – Internal Server Error, 403 – Forbidden Error and so on).

Linchpin Technologies Pvt Ltd, a mobile app development company India , is globally recognized as enterprise app development company

889 total views, 2 views today

Share this OnShare on FacebookTweet about this on TwitterShare on LinkedInShare on Google+

Leave a Reply