Cornucopia - Ecommerce Website - C 6

Suit: Cornucopia

Card/Value: 6

Description:
Aaron can bypass controls because error/exception handling is missing, or is implemented inconsistently or partially, or does not deny access by default (i.e. errors should terminate access/execution), or relies on handling by some other service or system.

Technical Note:
Ensure all forms of error are handled robustly and consistently (e.g. web server, application server, database server, JavaScript, other interpreters). This encompasses:
 * Implement generic error messages and use custom error pages.
 * The application should handle application errors and not rely on the server configuration.
 * Properly free allocated memory when error conditions occur.
 * Error handling logic associated with security controls should deny access by default.
 * When exceptions occur, fail securely.
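
An added example (not part of the Cornucopia card) of the last two points, in Python: an authorization check that fails open when its policy lookup errors, next to a version that denies by default and returns only a generic message. `lookup_role`, `PolicyStoreError`, the dict-backed store and the user names are hypothetical stand-ins constructed for illustration.

```python
import logging
import uuid

log = logging.getLogger("authz")

class PolicyStoreError(Exception):
    """Raised by the (hypothetical) policy backend when a lookup fails."""

def lookup_role(user, store):
    # Hypothetical backend call; `store` is a dict standing in for a database.
    if store is None:
        raise PolicyStoreError("policy store unreachable")
    return store[user]  # raises KeyError for unknown users

def is_admin_fail_open(user, store):
    """Anti-pattern: the error path skips the check, so an error grants access."""
    allowed = True
    try:
        allowed = lookup_role(user, store) == "admin"
    except PolicyStoreError:
        pass  # allowed is still True; KeyError is not handled at all
    return allowed

def is_admin_fail_closed(user, store):
    """Deny by default: only an explicit positive result sets allowed."""
    allowed = False
    try:
        allowed = lookup_role(user, store) == "admin"
    except Exception:
        # Full detail goes to the server-side log only.
        log.exception("authorization check failed for %r", user)
    return allowed

def handle_admin_request(user, store, check=is_admin_fail_closed):
    """Return (status, body); the body never carries exception detail."""
    try:
        if not check(user, store):
            return 403, "Access denied."
        return 200, "admin console"
    except Exception:
        # The application handles its own errors instead of relying on the
        # server's default error page; the reference ties the reply to the log.
        ref = uuid.uuid4().hex[:8]
        log.exception("unhandled error ref=%s", ref)
        return 500, f"An error occurred. Reference: {ref}"
```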
