Cornucopia - Ecommerce Website - C 6
Aaron can bypass controls because error/exception handling is missing, or is implemented inconsistently or partially, or does not deny access by default (i.e. errors should terminate access/execution), or relies on handling by some other service or system.
- Implement generic error messages and use custom error pages.
- The application should handle application errors and not rely on the server configuration.
- Properly free allocated memory when error conditions occur.
- Error handling logic associated with security controls should deny access by default.
- When exceptions occur, fail securely.
|OWASP SCP||OWASP ASVS||OWASP AppSensor||CAPEC||SAFECODE|