Application Security · Flashcard

How should an application handle an exception it did not anticipate?

  • A. Catch it in a handler that returns controlled, generic output — never leaving it unhandled
  • B. Let it propagate to the framework's default handler — which shows a full stack-trace page
  • C. Write the raw exception into the response body — so the user can report the details back
  • D. Retry the failing operation over and over until it succeeds — hiding the error from view

Why this is the answer

A handler returning controlled output prevents crashes and information leaks (CWE-391) — the framework default exposes stack traces, writing the exception to the response leaks internals to the user, and blind retries can loop forever or mask a real fault.
