Sin 6: Failing to HandleErrors

Previous page
Table of content
Next page

Overview of the Sin

Many security risks are possible when programmers fail to handle an error condition correctly. Sometimes a program can end up in an insecure state, but more often the result is a denial of service issue as the application simply dies. This problem is significant in even modern languages, such as C# and Java, where the failure to handle an exception, rather than a return value, usually results in program termination.

The unfortunate reality is that any reliability problem in a program that leads to the program crashing, aborting, or restarting is a denial of service issue, and therefore can be a security problem, especially for server code.

A common source of errors is sample code that has been copied and pasted. Often sample code leaves out error return checking to make the code more readable.


Previous page
Table of content
Next page
19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
Authors: Michael Howard, David LeBlanc
BUY ON AMAZON
Inside Network Security Assessment: Guarding Your IT Infrastructure
Image Processing with LabVIEW and IMAQ Vision
C++ How to Program (5th Edition)
An Introduction to Design Patterns in C++ with Qt 4
GO! with Microsoft Office 2003 Brief (2nd Edition)
.NET-A Complete Development Cycle
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy