Secure Coding Practices, Part 7: Error Handling

by Steven McElwee, CISSP

Error handling is important in software applications. For developers, it may be a necessary evil, but for security professionals, it is a vital part of maintaining confidentiality, integrity, and availability. Error handling, tied with appropriate logging, is also important for investigation of incidents.

One of the most important functions of error handling is that it must allow the application to fail securely. Errors or exceptions must not compromise the application by exposing confidential information or allowing the user to do what is unauthorized for their profile. Just like a firewall should fail closed, an application should fail securely.

Errors and exceptions may mean that the information processed by the application has been processed incompletely. This may compromise the integrity of data or leave the application unavailable.

When writing secure code or reviewing the code of others, be sure to ask the following questions:

• Are exception handling mechanisms used consistently?
• Does the application fail securely? If so, how?
• Are open transactions processed appropriately if an error is encountered during processing?
• Are error messages displayed to the users informative without revealing information about system internals or other sensitive data?
• For function-based error handling, are return values of functions tested?
• For exception-based error handling, are specific exceptions caught, rather than broad exception handlers (i.e. Throwable in Java)?
• Are exceptions that are caught managed and logged (i.e. no empty catch{} blocks)?

Remember that software testing may not reveal how an application will handle errors, since it is often unplanned combinations of events and data that expose them. This makes finding them in source code review essential.