AttackFlow Findings Dictionary


Empty Catch Block

Swallowing exceptions may let attackers go unnoticed when they send unexpected requests to a target application.

Severity: Low

Fix Cost: Medium

Trust Level: High

Compilers for modern high-level languages are particularly picky about empty catch blocks, since this style of coding usually points to poor-quality code.

We developers usually suppress these compiler warnings with code such as the following:

            
try
{
    String wholeFile = File.ReadAllText(path);
}
catch(IOException ioe)
{
    // happy compiler
    // the exception is touched only to silence the warning; it is never logged or rethrown
    string happyCompiler = ioe.Message;
}

However, letting any exception go unnoticed may help attackers hide their trial and error against the application. Additionally, suppressing exceptions in this way prevents any detailed analysis of production problems.

Compilers for modern high-level languages are particularly picky about empty catch blocks, since this style of coding usually points to poor-quality code.

We developers usually suppress these compiler warnings with code such as the following:

            
try
{
    String wholeFile = FileUtils.readFileToString(path);
}
catch(IOException ioe)
{
    // happy compiler
    // the exception is touched only to silence the warning; it is never logged or rethrown
    String happyCompiler = ioe.getMessage();
}

However, letting any exception go unnoticed may help attackers hide their trial and error against the application. Additionally, suppressing exceptions in this way prevents any detailed analysis of production problems.
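A hardened counterpart to the catch block above, as an added example that is not part of the original AttackFlow entry: the exception is logged with its stack trace and rethrown instead of being swallowed. It assumes java.nio.file and java.util.logging in place of FileUtils; the class name, method names and sample path are hypothetical.

```java
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.logging.Level;
import java.util.logging.Logger;

// Hypothetical class, written for this example only.
public class WholeFileReader {
    private static final Logger LOG = Logger.getLogger(WholeFileReader.class.getName());

    // Reads the file, or records the failure and propagates it to the caller.
    static String readWholeFile(Path path) {
        try {
            return new String(Files.readAllBytes(path), StandardCharsets.UTF_8);
        } catch (NoSuchFileException nsfe) {
            // A request for a missing file is worth a record of its own:
            // repeated hits show up as probing in the logs.
            LOG.log(Level.WARNING, "Requested file does not exist: {0}",
                    sanitize(path.toString()));
            throw new UncheckedIOException(nsfe);
        } catch (IOException ioe) {
            // Keep the full stack trace for later analysis of production problems.
            LOG.log(Level.SEVERE, "Failed to read " + sanitize(path.toString()), ioe);
            throw new UncheckedIOException(ioe);
        }
    }

    // Strip CR/LF so a crafted path cannot forge additional log lines.
    static String sanitize(String value) {
        return value.replaceAll("[\\r\\n]", "_");
    }

    public static void main(String[] args) {
        try {
            // Constructed sample path that is expected not to exist.
            readWholeFile(Paths.get("/nonexistent/constructed-sample.txt"));
        } catch (UncheckedIOException e) {
            // The caller still sees the failure and can decide how to respond.
            System.out.println("caller saw: " + e.getCause().getClass().getSimpleName());
        }
    }
}
```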

