Displaying Exception.StackTrace to the user is insecure: a stack trace reveals namespaces, class and method names, source file paths and line numbers, and the frameworks and third-party components in use, all of which help an attacker map the application and locate its weak points. Show users Exception.Message instead, and keep the full exception, stack trace included, in a server-side log. Note that Message can itself carry sensitive detail, for example the text of a failed database query or a connection string, so for untrusted clients a generic message with a reference to the logged entry is safer still.
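The following C# console program is an added example, not code from the lab page. It contrasts a handler that returns ex.StackTrace to the caller with the lab's recommended ex.Message variant, and then goes one step further: the full exception is logged server-side and the client receives only a generic message with a correlation id. The class and method names (OrderService, ProcessOrder, HandleRequestInsecure and so on) are illustrative assumptions, and System.Diagnostics.Trace stands in for whatever logging framework the application uses.

```csharp
// Added example (not from the lab page). Names such as OrderService and
// HandleRequestInsecure are illustrative assumptions.
using System;
using System.Diagnostics;

public static class OrderService
{
    // Simulated business method that fails. In a real application this could be
    // a database call whose exception message carries the failed SQL statement.
    public static void ProcessOrder(int quantity)
    {
        if (quantity <= 0)
            throw new ArgumentOutOfRangeException(nameof(quantity), "Quantity must be positive");
        // ... order processing would go here ...
    }
}

public static class ErrorHandling
{
    // VULNERABLE: ex.StackTrace lists the namespaces, classes, methods, source
    // file paths and line numbers of the application and hands them to the client.
    public static string HandleRequestInsecure(int quantity)
    {
        try
        {
            OrderService.ProcessOrder(quantity);
            return "OK";
        }
        catch (Exception ex)
        {
            return "Error: " + ex.StackTrace;   // leaks application internals
        }
    }

    // BETTER (the lab's recommendation): ex.Message carries no call-site detail.
    // It can still expose sensitive data for some exception types (e.g. SQL text
    // in a database exception), so do not rely on it for untrusted clients.
    public static string HandleRequestWithMessage(int quantity)
    {
        try
        {
            OrderService.ProcessOrder(quantity);
            return "OK";
        }
        catch (Exception ex)
        {
            return "Error: " + ex.Message;
        }
    }

    // SAFEST: keep the complete exception in a server-side log, tagged with a
    // correlation id, and return only a generic message plus that id so support
    // staff can look up the logged entry.
    public static string HandleRequestSecure(int quantity)
    {
        try
        {
            OrderService.ProcessOrder(quantity);
            return "OK";
        }
        catch (Exception ex)
        {
            string correlationId = Guid.NewGuid().ToString("N");
            // ex.ToString() includes type, message, stack trace and inner exceptions.
            // Trace is used here as a stand-in for the application's logger.
            Trace.TraceError("[{0}] {1}", correlationId, ex.ToString());
            return "The request could not be processed. Reference: " + correlationId;
        }
    }
}

public static class Program
{
    public static void Main()
    {
        // Show the three responses side by side for the same failing input.
        Console.WriteLine("Insecure (StackTrace):");
        Console.WriteLine(ErrorHandling.HandleRequestInsecure(0));
        Console.WriteLine();
        Console.WriteLine("Message only:");
        Console.WriteLine(ErrorHandling.HandleRequestWithMessage(0));
        Console.WriteLine();
        Console.WriteLine("Generic message with correlation id:");
        Console.WriteLine(ErrorHandling.HandleRequestSecure(0));
    }
}
```

Running the program with a failing input shows that the first response contains method names and, when PDB files are deployed, file paths and line numbers, while the last response gives the client nothing about the code but still lets an operator find the full trace in the log by its correlation id.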
The objectives of this lab are to learn:
- The correct way of handling exceptions
- The correct way of printing exception messages
To be a secure programmer, you must understand how to protect your code against vulnerabilities.
This lab assumes familiarity with exception handling in .NET (try/catch/finally blocks and the Exception class).
.NET Error Handling, Auditing, and Logging
Secure Programming Exercises / .NET Error Handling, Auditing, and Logging contains the following Exercises:
- Vulnerability in Printing StackTrace
- Vulnerability in Exception.ToString()
- Page-Level Exception Handling
- Handling Exceptions with the Application_Error Event Handler
- Handling Exceptions with the ASP.NET Error Page Redirection Mechanism
- Sensitive Information Leakage Vulnerability in Custom Error Messages
Secure Programming Exercises are available as part of a subscription.
Each subscription provides 6 months of access to 68 different exercises. Each exercise contains a scenario, objectives, and individual step-by-step tasks that guide the user through everything needed to complete it. The Secure Programming Exercises are designed to give the user a hands-on experience. Each exercise category above has its own Virtual Private Cloud that comes preconfigured with vulnerable websites, victim machines, and a full set of tools. The network share includes all the supporting tools required to practice in the Cyber Range / Lab environment.
Lab exercises are included for:
- Input Validation and Output Encoding
- .NET Authentication and Authorization
- Secure Session and State Management
- .NET Cryptography
- .NET Error Handling, Auditing, and Logging
- .NET Secure File Handling
- .NET Configuration Management and Secure Code Review