Security Test: Frontend Stacktrace¶

Description¶

Default Severity:

Detailed error messages reveal too much about your system, such as which database or code libraries you're using, making it easier for attackers to find and exploit known vulnerabilities. When developers leave raw error messages accessible, they unintentionally give attackers a blueprint for targeting weaknesses in production systems, increasing the risk of a breach. It’s crucial to keep these details hidden from users and only available in internal logs for debugging purposes.

Reference:

https://infosecwriteups.com/exploiting-error-based-sql-injections-bypassing-restrictions-ed099623cd94

Configuration¶

Identifier: frontend_information_disclosure/stacktrace

Examples¶

All configuration available:

checks:
  frontend_information_disclosure/stacktrace:
    skip: false # default

Compliance and Standards¶

Standard	Value
OWASP API Top 10	API7:2023
OWASP LLM Top 10	LLM06:2023
PCI DSS	`6.5.5`
GDPR	`Article-32`
SOC2	`CC1`
PSD2	`Article-95`
ISO 27001	`A.14.2`
NIST	`SP800-53`
FedRAMP	`SI-10`
CWE	`209`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C`
CVSS Score	`5.1`