
24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them by John Viega, David LeBlanc, Michael Howard


SIN 9: CATCHING EXCEPTIONS

OVERVIEW OF THE SIN

Exception handling is an often misused feature of programming languages and operating systems. Basically, if something’s gone wrong, and you don’t know exactly how to correct it, then the only safe thing you can do is to exit the application. Trying to do anything else may lead to an unstable application, and an unstable application is typically some amount of work away from being an exploitable application.

Three related sins are Sin 11, “Failure to Handle Errors”; Sin 13, “Race Conditions”; and Sin 12, “Information Leakage.”

CWE REFERENCES

CWE also recognizes catching broad exceptions as an issue.

CWE-396: Declaration of Catch for Generic Exception
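The overview's point, that a catch-all handler leaves the program running in a state nobody reasoned about, and the CWE-396 pattern it names, are easiest to see side by side. The following is an added example written for this page; it is not code from the book, and the policy document, the `upload_limit_*` functions and the `PolicyError` type are all constructed for illustration. The broad version turns every failure, including a caller passing the wrong type, into a silent "use the default"; the narrow version catches only what the parsing step is documented to raise, converts that into a typed error the caller can act on (here, by refusing to continue), and lets anything unexpected propagate so the process fails loudly instead of limping on.

```python
"""Broad vs. narrow exception handling around a small policy parser (added example)."""
import json
import sys

# Constructed sample inputs (not from the book).
GOOD_POLICY = '{"max_upload_bytes": 1048576}'
BAD_POLICY = '{"max_upload_bytes": '          # truncated JSON, as after a partial write
DEFAULT_LIMIT = 10 * 1024 * 1024              # permissive fallback the broad version falls into


class PolicyError(Exception):
    """The policy document is present but unusable; the caller must not proceed."""


def upload_limit_broad(policy_text):
    """The sin: catch everything and keep going on a default nobody reviewed.

    `except Exception` also swallows TypeError (wrong argument type from a bug
    in the caller), AttributeError, RecursionError and similar programming
    errors, so the program continues in a state the author never reasoned about.
    """
    try:
        return int(json.loads(policy_text)["max_upload_bytes"])
    except Exception:
        return DEFAULT_LIMIT


def upload_limit_narrow(policy_text):
    """Catch only what this step is known to raise; let everything else propagate.

    json.loads raises json.JSONDecodeError (a ValueError subclass) on bad input,
    a missing key raises KeyError, and int() on a non-numeric string raises
    ValueError. Those are the documented, expected failures of *this* step.
    Anything else (e.g. policy_text is None) is a bug and must not be masked.
    """
    try:
        doc = json.loads(policy_text)
        limit = int(doc["max_upload_bytes"])
    except (ValueError, KeyError) as exc:
        raise PolicyError(f"unusable policy document: {exc}") from exc
    if limit <= 0:
        raise PolicyError(f"max_upload_bytes must be positive, got {limit}")
    return limit


def probe(fn, policy_text):
    """Run fn and report ('ok', value) or ('error', exception class name).

    Used below to show the two handlers side by side without crashing the demo.
    """
    try:
        return ("ok", fn(policy_text))
    except Exception as exc:          # deliberate here: this is a test harness, not production code
        return ("error", type(exc).__name__)


def main():
    cases = {
        "good policy": GOOD_POLICY,
        "truncated policy": BAD_POLICY,
        "missing key": "{}",
        "wrong type (None)": None,    # simulates a caller bug
    }
    for label, text in cases.items():
        print(f"{label:18} broad={probe(upload_limit_broad, text)} "
              f"narrow={probe(upload_limit_narrow, text)}")

    # The "exit rather than guess" rule from the overview, applied at the top level:
    # a PolicyError is a known, unrecoverable condition, so stop instead of continuing.
    try:
        upload_limit_narrow(BAD_POLICY)
    except PolicyError as exc:
        print(f"refusing to start: {exc}")
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Running the script prints one line per case; the broad handler reports `('ok', 10485760)` for every malformed input, including the `None` argument, while the narrow handler reports `PolicyError` for the malformed documents and an unmasked `TypeError` for the caller bug. The design choice is that the narrow handler's `except` list is derived from the documented exceptions of the calls inside the `try`, and nothing more; when a new call is added to that block, its failure modes have to be added deliberately rather than absorbed by a catch-all.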

AFFECTED LANGUAGES

As is often the case, C and ...
