CWE-SANS-Top-25/Insecure-interaction-between-components/CWE-209

From aldeid

CWE-209: Information Exposure Through an Error Message

Description

Error messages are very useful to developers when debugging a web application, but they must be displayed on development servers only. Error messages that are displayed in production environments expose information to potential attackers.
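
One way to keep that detail on the server, as an added example that is not part of the original page: a WSGI wrapper that always logs the full traceback under an incident reference and returns the traceback to the client only when debug is enabled. The names error_boundary, failing_app and call, and the exception text, are constructed for illustration.

```python
import logging
import sys
import traceback
import uuid

log = logging.getLogger("app.errors")


def error_boundary(app, debug=False):
    """WSGI middleware: the client sees a traceback only when debug is True."""
    def wrapped(environ, start_response):
        try:
            return app(environ, start_response)
        except Exception:
            incident = uuid.uuid4().hex  # correlation id shared by client and log
            detail = traceback.format_exc()
            # Full detail always goes to the server-side log.
            log.error("incident=%s path=%s\n%s", incident,
                      environ.get("PATH_INFO", ""), detail)
            if debug:
                body = detail  # development servers only
            else:
                body = "Internal error. Reference: %s\n" % incident
            data = body.encode("utf-8")
            start_response("500 Internal Server Error",
                           [("Content-Type", "text/plain; charset=utf-8"),
                            ("Content-Length", str(len(data)))],
                           sys.exc_info())
            return [data]
    return wrapped


def failing_app(environ, start_response):
    """Constructed handler whose exception text carries internal details."""
    raise RuntimeError("connect failed: db=orders host=10.0.0.5 user=svc_app")


def call(app, path="/orders"):
    """Invoke a WSGI app in-process and return (status, body text)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"] = status
    chunks = app({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, start_response)
    return seen["status"], b"".join(chunks).decode("utf-8")


if __name__ == "__main__":
    print(call(error_boundary(failing_app, debug=True))[1])   # development
    print(call(error_boundary(failing_app, debug=False))[1])  # production
```

The reference returned to the client lets support staff find the matching log entry without the response revealing hosts, account names or stack frames.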


Risk measurement

Weakness Prevalence: High
Remediation Cost: Low
Attack Frequency: Often
Consequences: Data loss
Ease of Detection: Easy
Attacker Awareness: High
