Secure Programming with Static Analysis by Jacob West, Brian Chess

8. Errors and Exceptions

What could possibly go wrong?

–ANONYMOUS

Security problems often begin with an attacker finding a way to violate a programmer’s expectations. In general, programmers give less thought to error conditions and abnormal situations than they do to the expected case, which makes errors and exceptions a natural path for attackers to follow. In this chapter, we consider the security implications of common error and exception handling scenarios. Most of the mistakes discussed in this chapter do not lead directly to exploitable vulnerabilities the way buffer overflow or SQL injection does. Instead, they provide the conditions necessary for a later security failure.

More often than not, the language a program is written in dictates ...
