What is the best practice to mitigate the vulnerabilities from a lack of proper error handling in an application?
- Use only a minimum set of error messages.
- Use a strong algorithm to encrypt the transmission of error messages.
- Use a well-thought-out scheme to provide meaningful error messages to the users but no useful information to an attacker.
- Use a third-party hosting service to provide coded error messages and transmit them securely to users, software developers, and support staff.
|
Explanation & Hint: Improper error handling is a weakness and security malpractice that can provide information to help an attacker perform additional attacks on the targeted system. A best practice is to handle error messages according to a well-thought-out scheme that provides a meaningful error message to the user, diagnostic information to developers and support staff, and no useful information to an attacker. |