M7.8 Short Paper
Introduction
Error messages can lead to serious threats. Developers should always ensure that an application does not display information that can be dangerous. In this activity, you will explore security vulnerabilities in error handling.
Instructions
Consider this scenario. A user tries to put some invalid input into a web application. The user receives the following error on the screen:
In a one to two-page short paper, address the following:
What are the possible vulnerabilities from the above error message?
How does the error message help an attacker exploit these vulnerabilities?
What security measures should the developer take to prevent such error messages?