From the course: CISSP Cert Prep (2021): 8 Software Development Security
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Error and exception handling
From the course: CISSP Cert Prep (2021): 8 Software Development Security
Error and exception handling
- [Instructor] Many security issues occur when software acts in an unexpected manner in response to invalid user input or another error situation. For this reason, appropriately handling errors is a critical component of software security. Software is designed to perform orderly transitions between different states. For example, let's consider a very simple software program that's designed to calculate the sales tax on a retail purchase. The software might sit at an input screen waiting for the user to input a purchase amount. When it receives that input it calculates the transaction tax and then moves into a display mode where it displays the tax amount to the user. The user can then press a new transaction button to enter another transaction amount. You might view this as three different states that the software has, awaiting input, calculating tax and displaying output. This simple state transition model describes…
Contents
-
-
-
-
-
-
Input validation2m 37s
-
(Locked)
Parameterized queries3m
-
(Locked)
Authentication/session management issues1m 49s
-
(Locked)
Output encoding3m 13s
-
(Locked)
Error and exception handling3m
-
(Locked)
Code signing2m 8s
-
(Locked)
Database security3m 53s
-
(Locked)
Data deidentification2m 44s
-
(Locked)
Data obfuscation2m 12s
-
-
-