Introduction To Secure Coding

Uploaded by

Muhammad Usman
Copyright: © All Rights Reserved

Hamza Siddiqui

66431

Intro to Secure Coding

27th July, 24

Sir Atir
Security Concerns

1. Disclosure of Information:

Stack Traces: Displayed stack traces reveal the layout and structure of the code, which helps
attackers find flaws in it.

Configuration Details: Details about the programs, versions, server, and database may be
made public, allowing attackers to target and exploit certain vulnerabilities.

Sensitive Information: Passwords and usernames may unintentionally be included in error
messages. This can give attackers open access and breach your confidentiality.

2. Attacks Aided by Error Messages:

SQL Injection: Long error messages can reveal information about the layout of the
databases, which helps attackers craft SQL injection attacks.

Cross-Site Scripting (XSS): When error messages disclose information about input validation,
attackers can learn how to reach and exploit these validations.

3. User Confusion and Trust Issues:

Non-Technical Users: Complex and hard-to-read messages can confuse users, which
will reduce their trust in the application's security and reliability.

Correct Methods for Handling Errors

User-Facing Error Messages:

Generic Messages: Display generic, easy-to-read error messages to
users, for example: "An error has occurred. Please try again later."

Logging and Monitoring:

Detailed Logs: Record detailed error logs; these help show where
information is leaking.

Sensitive Data: Ensure that sensitive data is either encoded or hashed in logs to
prevent unauthorized access.

Exception Handling:

Centralized Error Handling: Use a centralized error handling mechanism to
ensure consistent and secure error responses across the application.

Graceful Degradation: Ensure that the application is robust, so that it can recover and
keep working in tough conditions.
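
The practices above (generic user message, detailed server-side log, sensitive data kept out of the log, one central handler) combined in a single sketch. This is an added example, not part of the original document; the function names, the redaction pattern, the `error_id` field and the sample credential and host are constructed for illustration, and it masks secrets rather than encoding or hashing them.

```python
import io
import logging
import re
import traceback
import uuid

GENERIC_MESSAGE = "An error has occurred. Please try again later."

# Assumed pattern: key=value or key: value secrets inside exception text.
SECRET_RE = re.compile(
    r"\b(password|passwd|pwd|token|secret|api_key)\b(\s*[=:]\s*)[^\s,;&'\"]+",
    re.IGNORECASE,
)


def redact(text):
    """Mask the value part of key=value secrets before text reaches a log."""
    return SECRET_RE.sub(r"\1\2[REDACTED]", text)


def make_logger(stream):
    """Server-side logger; the stream stands in for a protected log file."""
    logger = logging.getLogger("app.errors." + uuid.uuid4().hex)
    logger.setLevel(logging.ERROR)
    logger.propagate = False
    logger.addHandler(logging.StreamHandler(stream))
    return logger


def handle_request(handler, request, logger):
    """Single choke point: every handler's exceptions are processed here."""
    try:
        return {"status": 200, "body": handler(request)}
    except Exception:
        error_id = uuid.uuid4().hex[:12]
        # The full stack trace goes to the log only, with secrets masked.
        logger.error("error_id=%s\n%s", error_id, redact(traceback.format_exc()))
        # The client gets a generic message plus an ID that maps to the log entry.
        return {"status": 500, "body": GENERIC_MESSAGE, "error_id": error_id}


def login(request):
    """Constructed faulty handler: its exception text embeds a credential."""
    raise ConnectionError(
        "db connect failed: host=10.0.0.5 user=app password=" + request["db_password"]
    )


if __name__ == "__main__":
    log = io.StringIO()
    print(handle_request(login, {"db_password": "hunter2"}, make_logger(log)))
    print(log.getvalue())
```

The `error_id` lets support staff find the matching log entry without the response exposing the exception type, stack trace or connection details.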

Security Measures:

Input Validation: Implement resilient input validation to minimize the risk of
errors caused by harmful input.

Regular Auditing: Conduct regular security audits; your SEO team should audit
the records more often.

Some more information that will help you with security

Debugging and Development:

Detailed error logs help developers identify and fix bugs in the
application code.

Security Analysis:

Error logs can be used to identify security loopholes and attack patterns.

Compliance and Auditing:

Maintaining detailed logs is often a requirement for an organization under security
standards and regulations. It also provides an audit trail that can be used for
forensic analysis in the event of a security breach.
