Talk type: Talk
Not All Errors Are Helpful
You enter an invalid value in an API and receive an error message or an unhandled exception. The error text helps users enter and submit correct values, and QA checks it in autotests.
But not all errors are equally useful from a security point of view:
- Some error texts may reveal information about the system and internal infrastructure.
- Validation may contain vulnerabilities.
- Errors can confuse QA: focusing on the error, we assume the method was not executed. Sometimes that is not the case.
During the presentation, we will look at examples where an “error” is a security issue. The talk will be of interest to anyone interested in security testing.
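The three points above can be checked together in a negative autotest. The sketch below is an added example, not material from the talk: `TransferAPI`, its two handlers, `LEAK_PATTERNS` and `audit_error` are hypothetical names, and the in-memory "API" is constructed for illustration.

```python
import re

class TransferAPI:
    """Constructed in-memory stand-in for an API under test (hypothetical)."""
    def __init__(self):
        self.balances = {"alice": 100, "bob": 0}

    def transfer_buggy(self, src, dst, amount):
        # Defect 1: the side effect happens before any validation.
        self.balances[src] -= amount
        try:
            self.balances[dst] += amount
        except KeyError as exc:
            # Defect 2: raw exception details are returned to the client.
            return 500, f"Traceback (most recent call last): KeyError: {exc} in /srv/app/ledger.py"
        return 200, "ok"

    def transfer_fixed(self, src, dst, amount):
        # Validate everything first, mutate state only afterwards.
        if src not in self.balances or dst not in self.balances:
            return 400, "Unknown account"
        if not isinstance(amount, int) or not 0 < amount <= self.balances[src]:
            return 400, "Invalid amount"
        self.balances[src] -= amount
        self.balances[dst] += amount
        return 200, "ok"

# Constructed patterns for text that should never reach a client.
LEAK_PATTERNS = [r"Traceback", r"\w+Error\b", r"/[\w./-]+\.py", r"\bSELECT\b.+\bFROM\b"]

def audit_error(api, call, *args):
    """Send input that must be rejected; return a list of security findings."""
    before = dict(api.balances)
    status, body = call(*args)
    findings = []
    if status < 400:
        findings.append("invalid input accepted")
    if api.balances != before:
        findings.append("state changed on invalid input")
    if any(re.search(p, body) for p in LEAK_PATTERNS):
        findings.append("error text leaks internals")
    return findings
```

A test that asserts only on the status code or error text would pass the buggy handler's unknown-account case; comparing state before and after the call is what exposes it.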