Security Test: Error type inconsistency
Description
Default Severity:
Errors in software can come in different "flavors" than a program expects. When code anticipates one error type but receives another, it may not handle it correctly, leading to mishandled exceptions or hidden security issues. Developers often assume error handling is consistent, but an unexpected error type can bypass those safeguards, potentially revealing sensitive details or creating an opening for exploitation. Making sure your error handling covers every possible error type is key to avoiding these pitfalls.
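The failure mode described above in working code, as an added example that is not part of this page or of the scanner it documents: a hypothetical order-lookup handler that catches only the error type it expects, beside one that maps every error type onto a single response shape, plus the consistency check a test like this one performs. All names and the in-memory ORDERS store are constructed for illustration.

```python
"""Added example: a handler that expects one error type and leaks on any other.
All names and the in-memory ORDERS store are constructed for illustration."""
import logging
import traceback

log = logging.getLogger("orders")
# Constructed data: order 2002 carries a malformed total on purpose.
ORDERS = {"1001": {"total": "42.50"}, "2002": {"total": "N/A"}}

class NotFound(Exception):
    """The one error type the handlers were written to expect."""

def lookup_order(order_id):
    if order_id not in ORDERS:
        raise NotFound(order_id)
    # A malformed total raises ValueError, a type the caller did not plan for.
    return {"id": order_id, "total": float(ORDERS[order_id]["total"])}

def handle_vulnerable(order_id):
    """Handles only NotFound; any other exception escapes to the framework."""
    try:
        return 200, lookup_order(order_id)
    except NotFound:
        return 404, {"error": "order not found"}

def handle_hardened(order_id):
    """Every error type maps onto the same minimal response shape."""
    try:
        return 200, lookup_order(order_id)
    except NotFound:
        return 404, {"error": "order not found"}
    except Exception:
        # Details stay server-side; the client sees a generic, uniform body.
        log.error("unhandled error for %s\n%s", order_id, traceback.format_exc())
        return 500, {"error": "internal error"}

def run_through_framework(handler, order_id):
    """Stands in for a framework in debug mode: an uncaught exception becomes
    a 500 whose body carries the stack trace, i.e. the leak this test flags."""
    try:
        return handler(order_id)
    except Exception:
        return 500, {"exception": traceback.format_exc()}

def error_shapes_consistent(handler, order_ids):
    """The property the scanner checks: all error bodies share one shape."""
    responses = [run_through_framework(handler, oid) for oid in order_ids]
    shapes = {tuple(sorted(body)) for status, body in responses if status >= 400}
    return len(shapes) <= 1
```

Running the three order ids 1001, 9999 and 2002 through each handler shows the vulnerable one answering with two different error bodies (one of them a stack trace) while the hardened one always returns the same `{"error": ...}` shape.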
Configuration
Identifier:
configuration/error_type_inconsistency
Examples
All configuration available:
Compliance and Standards
Standard | Value |
---|---|
OWASP API Top 10 | API8:2023 |
OWASP LLM Top 10 | LLM02:2023 |
PCI DSS | 6.5.5 |
GDPR | Article-32 |
SOC2 | CC1 |
PSD2 | Article-95 |
ISO 27001 | A.14.2 |
NIST | SP800-53 |
FedRAMP | SI-11 |
CWE | 704 |
CVSS Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:W/RC:C/CR:X/IR:X/AR:X/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:N/MI:N/MA:L |
CVSS Score | 4.7 |