Error handling

Wrong or missing error handling can lead to security vulnerabilities. Exceptions are powerful, but they are difficult to implement correctly (they introduce a second control flow, execution jumps between exception handlers, etc.).

Examples

  • Leakage of internal information
    • Error messages being presented to the user (e.g. PHP error messages)
  • Empty catch block
    • Ignoring exceptions may result in unexpected behavior
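
The two examples above, next to a handler that avoids both, as an added Python sketch that is not part of the original notes. The function names, the failing load_profile backend and the host and account names in its error text are constructed for illustration.

```python
import io
import logging
import uuid

# Server-side log sink (in-memory here so the example runs offline).
LOG = io.StringIO()
logger = logging.getLogger("app.errors")
logger.addHandler(logging.StreamHandler(LOG))
logger.setLevel(logging.ERROR)
logger.propagate = False


def load_profile(user_id):
    """Constructed backend call that always fails with an internal detail."""
    raise ConnectionError("db01.internal:5432 refused login for 'svc_app'")


def handle_leaky(user_id):
    # Leakage: the raw exception text is sent to the client.
    try:
        return 200, load_profile(user_id)
    except Exception as exc:
        return 500, f"Error: {exc!r}"


def handle_silent(user_id):
    # Empty catch block: the failure vanishes and the caller sees success.
    profile = None
    try:
        profile = load_profile(user_id)
    except Exception:
        pass
    return 200, profile


def handle_safe(user_id):
    # Detail goes to the server log; the client gets a generic message
    # plus a reference id that can be looked up in that log.
    try:
        return 200, load_profile(user_id)
    except Exception:
        ref = uuid.uuid4().hex[:8]
        logger.exception("profile load failed ref=%s user=%r", ref, user_id)
        return 500, f"Internal error (reference {ref})"
```

handle_leaky returns the internal host and account name to the caller, handle_silent reports status 200 with no data, and handle_safe keeps the same detail (including the traceback) only in the server log.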