6

Error Handling and Exception Testing

In the previous chapter, you were introduced to the art of injecting code into the legitimate input fields of API endpoints. Some of these threats rely on old techniques, yet they remain quite prevalent. One of them is fuzzing: sending the endpoint a large volume of unusual, malformed, or otherwise unexpected input in place of the text it expects. This may cause the target endpoint to misbehave simply because it was never prepared to receive such data. The root cause is that the endpoint does not handle errors correctly, or the code implementing it does not catch the exceptions that such input can raise. At best the endpoint crashes or returns a generic 500 response; at worst the error response leaks stack traces, file paths, or other internal details that are useful in later stages of a test.
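The following is an added example, not code from the book: a small in-process fuzz harness run against two stand-in request handlers, a vulnerable one that lets exceptions escape (as a web framework in debug mode would, returning a 500 with a stack trace in the body) and a hardened one that validates input up front and returns only generic errors. The handler functions, the `FUZZ_INPUTS` corpus, and the `LEAK_MARKERS` strings are all constructed for this example; in a real engagement the handler would be an HTTP call to the target endpoint.

```python
"""Fuzzing an API handler for unhandled exceptions (added example, not from the book)."""
import json
import re
import traceback

# Constructed fuzz corpus: one well-formed value followed by unusual or malformed ones.
FUZZ_INPUTS = [
    "1",                        # valid id, should succeed on both handlers
    "42",                       # well-formed but unknown id
    "",                         # empty string
    "-1",                       # negative number
    "9" * 400,                  # absurdly long digit string
    "0x41",                     # hex literal
    "1e309",                    # float notation / overflow bait
    "\x00",                     # NUL byte
    "NaN",
    "\u00b2",                   # superscript two: str.isdigit() is True, int() rejects it
    "'; DROP TABLE users;--",   # injection-style payload
    '{"id": 1}',                # JSON where a scalar is expected
    "../../../../etc/passwd",   # path traversal string
]

USERS = {1: "alice", 2: "bob"}  # constructed backing data


def vulnerable_get_user(raw_id):
    """Handler that assumes its input is a well-formed, existing integer id."""
    user_id = int(raw_id)            # ValueError on non-numeric input
    return {"status": 200,
            "body": json.dumps({"id": user_id, "name": USERS[user_id]})}  # KeyError on unknown id


def run_vulnerable(raw_id):
    """Simulates a framework in debug mode: the exception escapes as a 500 with a traceback."""
    try:
        return vulnerable_get_user(raw_id)
    except Exception:
        return {"status": 500, "body": traceback.format_exc()}


def hardened_get_user(raw_id):
    """Validates the id before using it and never exposes internal error details.

    A strict regex is used instead of str.isdigit(), which accepts Unicode digits
    such as "\u00b2" that int() then refuses to parse.
    """
    if not isinstance(raw_id, str) or not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return {"status": 400, "body": json.dumps({"error": "invalid id"})}
    name = USERS.get(int(raw_id))
    if name is None:
        return {"status": 404, "body": json.dumps({"error": "not found"})}
    return {"status": 200, "body": json.dumps({"id": int(raw_id), "name": name})}


def run_hardened(raw_id):
    """Last-resort catch: log internally (omitted here) and return a generic message."""
    try:
        return hardened_get_user(raw_id)
    except Exception:
        return {"status": 500, "body": json.dumps({"error": "internal error"})}


# Substrings that indicate an exception or stack trace leaked into the response body.
LEAK_MARKERS = ("Traceback", "Error:", 'File "', "Exception")


def fuzz(handler, inputs=FUZZ_INPUTS):
    """Sends every payload to the handler and records unhandled errors or leaked internals."""
    findings = []
    for payload in inputs:
        resp = handler(payload)
        leaked = any(marker in resp["body"] for marker in LEAK_MARKERS)
        if resp["status"] >= 500 or leaked:
            findings.append({"input": payload, "status": resp["status"], "leaks_internals": leaked})
    return findings


if __name__ == "__main__":
    for name, handler in (("vulnerable", run_vulnerable), ("hardened", run_hardened)):
        found = fuzz(handler)
        print(f"{name}: {len(found)} of {len(FUZZ_INPUTS)} inputs caused an unhandled error")
        for f in found[:3]:
            print("   ", f)
```

Against the vulnerable handler every input except the valid id produces a 500 whose body carries a Python traceback, which is exactly the kind of finding to record during a test. The hardened handler answers the same corpus with 400 or 404 and a fixed JSON message, so the harness reports nothing; the outer `try`/`except` in `run_hardened` remains as the safety net for exceptions the validation did not anticipate.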

It is therefore very important for API and application owners that both errors and exceptions be correctly tested and handled. And of course, you, as a pentester, cannot forget ...