
The Tale of Information Disclosure via error reporting

Gupta Bless
4 min read · May 29, 2021


What is error reporting?

“Error reporting” surfaces the errors a program raises while it runs. We can use it to find problematic statements in the program, such as uninitialized variables, stack-trace-related errors, and kernel-related errors. That makes it a very useful feature for detecting and remediating runtime errors. Developers generally use it during the development phase.

  1. To learn more about why a specific error occurred.
  2. Some organizations make this feature mandatory in the initial phase of development and keep it simple so that more users report errors.

But consider the case where developers forget to remove it and the application is deployed to the live environment. An attacker can then take advantage of it to look for sensitive information about the application, which helps in the information-gathering phase.

  1. Error reporting poses a high risk to the application because it discloses highly sensitive information.
  2. It adds unnecessary overhead if valuable data is disclosed.
  3. This kind of process creates a large number of logs in the database. The SOC admin sometimes finds it tedious to work through that data, as these logs don’t pose any…
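
The deployment mistake described above, as an added example that is not part of the original article: one error handler run with development-style error detail and again with production settings, plus a check for leaked detail in a response body. The function names, the failing `load_profile` call, and the path and table name in its message are constructed for illustration.

```python
import logging
import traceback
import uuid

log = logging.getLogger("app.errors")

def render_error(exc, debug):
    """Build the response for an unhandled exception.

    debug=True  -> development behaviour: the full traceback goes to the client.
    debug=False -> production behaviour: the traceback goes to the server log
                   only; the client gets a generic message and a reference ID.
    """
    detail = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
    if debug:
        return 500, detail
    ref = uuid.uuid4().hex[:12]
    log.error("unhandled error ref=%s\n%s", ref, detail)
    return 500, f"Internal error. Reference: {ref}"

def load_profile(user_id):
    # Constructed failure whose message carries an internal path and table name.
    raise RuntimeError(
        f"query failed on table app_users (config /srv/app/conf/db.ini) id={user_id}"
    )

def handle_request(user_id, debug):
    try:
        return 200, load_profile(user_id)
    except Exception as exc:
        return render_error(exc, debug)

# Strings a defender can search for in responses to spot leaked error detail.
LEAK_MARKERS = ("Traceback (most recent call last)", 'File "', "/srv/app/", "app_users")

def leaks_detail(body):
    """Return the markers found in a response body (empty list means clean)."""
    return [m for m in LEAK_MARKERS if m in body]

if __name__ == "__main__":
    for debug in (True, False):
        status, body = handle_request(7, debug)
        print(f"debug={debug} status={status} leaked={leaks_detail(body)}")
```

The reference ID lets support staff find the full traceback in the server log without the client ever seeing it.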


Written by Gupta Bless

Security enthusiast working to secure web for others.
