Avoid using generic exceptions

Summary

The system should use typified exceptions instead of generic exceptions.

Description

Catching generic exceptions obscures the problem that caused the error and promotes a generic way to handle different categories or sources of error. This may cause security vulnerabilities to materialize, as some special flows go unnoticed.

Supported In

This requirement is verified in following services

Plan	Supported
Essential	🔴
Advanced	🟢

References

CWE™-396. Declaration of catch for generic exception
CWE™-397. Declaration of throws for generic exception
CERT-J-ERR01-J. Do not allow exceptions to expose sensitive information
CMMC-SC_L2-3_13_6. Network communication by exception
ISSAF-U_15. Web application SQL injections – Countermeasures
CWE TOP 25-476. NULL pointer dereference
OWASP ASVS-4_1_5. General access control design
CASA-4_1_5. General Access Control Design
SANS 25-12. NULL pointer dereference

Vulnerabilities

140. Insecure exceptions - Empty or no catch
278. Insecure exceptions - NullPointerException

free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.

Summary​

Description​

Supported In​

References​

Vulnerabilities​

Summary

Description

Supported In

References

Vulnerabilities