http://angelsofsecurity.com/blog Musings of an infosec renegade Tue, 02 Aug 2011 19:01:53 +0000 en hourly 1 http://wordpress.org/?v=3.2.1 http://angelsofsecurity.com/blog/2009/05/19/error-handling/ http://angelsofsecurity.com/blog/2009/05/19/error-handling/#comments Tue, 19 May 2009 16:22:53 +0000 admin http://angelsofsecurity.com/blog/2009/05/19/error-handling/ Error handling is one of the most often overlooked areas of application security. If you have a public-facing application, you don’t want the public to know too much about how the application works, even if you’re convinced they should never see errors. Case in point is demonstrated in the image presented here. I was just surfing the web, reading about one of my other innocuous hobbies (in this case baseball) when I came across the following page. As a user, I shouldn’t be able to see any of that. As an attacker, I just found a goldmine if information which I can use to try and exploit the site.

]]> http://angelsofsecurity.com/blog/2009/05/19/error-handling/feed/ 0