Importance Of Error Handling In Application Security


In this blog, we discuss the importance of error handling in application security. While writing code, we usually think about code optimization and application performance, but we do not worry about secure code. Let's understand the best approaches for implementing error handling.

Application Designed To Fail Gracefully

If an error occurs at runtime, the application should show a generic error message instead of exposing sensitive information such as a method name, line number, or code snippet. Please check the below snapshot for a better understanding.

In the above snapshot, we can see an error message, code, and exception details.

Error Handling In Methods

Developers should use try and catch blocks while writing code.

try {
    // code that may throw
} catch (Exception ex) {
    // log ex on the server; show the user only a generic message
}
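The two sections above, put together as an added example (not code from the original post): a handler that returns raw exception text next to one that fails gracefully. C# is assumed from the IIS reference; `HandleLeaky`, `HandleGracefully`, `LoadProfile` and the console logging are hypothetical names chosen for illustration.

```csharp
using System;

public static class ErrorHandlingDemo
{
    // Leaky: the raw exception (type, message, stack trace with method names)
    // is returned to the caller and ends up in front of the user.
    public static string HandleLeaky(Func<string> action)
    {
        try { return action(); }
        catch (Exception ex) { return ex.ToString(); }
    }

    // Graceful: full details stay in the server-side log; the user gets a
    // generic message plus a reference ID that support can match to the log.
    public static string HandleGracefully(Func<string> action)
    {
        try
        {
            return action();
        }
        catch (Exception ex)
        {
            string errorId = Guid.NewGuid().ToString("N");
            // Stand-in for a real logging framework (assumption).
            Console.Error.WriteLine($"[{errorId}] {ex}");
            return $"Something went wrong. Please try again later. (Reference: {errorId})";
        }
    }

    // Constructed failure: the exception message carries internal detail.
    static string LoadProfile()
    {
        throw new InvalidOperationException("Query failed on table dbo.Users");
    }

    public static void Main()
    {
        Console.WriteLine("Leaky:    " + HandleLeaky(LoadProfile));
        Console.WriteLine("Graceful: " + HandleGracefully(LoadProfile));
    }
}
```

The reference ID lets a user report the failure without the response revealing anything about the code or the database.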

System Errors

We should not expose system errors to users. For example, if the user requests a wrong URL, we can show a custom error page instead of the IIS error screen.


In this blog, we discussed the importance of error handling in application security.

I hope that you find it helpful. Eat->Code->Sleep->Repeat.