During a code audit, a developer notices that error messages reveal sensitive information about the system's internal structure. This practice goes against the secure coding principle of ____________.
- Defense in Depth
- Error Handling and Logging
- Least Privilege Principle
- Principle of Least Astonishment (POLA)
The secure coding principle violated in this scenario is "Error Handling and Logging." Revealing sensitive information through error messages can help attackers understand the system's internal structure, facilitating potential exploits. Secure coding practices emphasize proper error handling to avoid leaking sensitive details and to maintain a robust defense against unintended information disclosure.