C-sharp : Error handling: generic exception

Classification

  - OWASP ASVS: Error Handling and Logging
  - PCI DSS 4.0: 6.2.4
  - CWE: CWE-396, CWE-397

Overview

The application throws an exception of a general type (Exception or ApplicationException), which makes it difficult to diagnose and recover from errors.

It is recommended to take full advantage of the C# exception mechanism for error handling: throwing a specific exception type lets the caller determine exactly what went wrong and handle it in the appropriate catch block.
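The following added example (not code from the original page) contrasts the flagged pattern with a corrected one. The `TokenParser` class, the `TokenExpiredException` type and the `<user>|<unix-expiry>` token format are hypothetical, chosen only to show why distinct exception types matter to the caller.

```csharp
using System;

// Hypothetical domain exception: the failure type carries its own data.
public sealed class TokenExpiredException : Exception
{
    public long ExpiredAt { get; }
    public TokenExpiredException(long expiredAt)
        : base($"Token expired at Unix time {expiredAt}") => ExpiredAt = expiredAt;
}
public static class TokenParser
{
    // Flagged form: every failure is a bare Exception, so a caller can only
    // catch Exception and compare message strings to tell the cases apart.
    public static string ParseGeneric(string token, long now)
    {
        var parts = token.Split('|');
        if (parts.Length != 2) throw new Exception("bad token");
        if (long.Parse(parts[1]) < now) throw new Exception("expired");
        return parts[0];
    }

    // Corrected form: each failure has a distinct type.
    public static string Parse(string token, long now)
    {
        if (token == null) throw new ArgumentNullException(nameof(token));
        var parts = token.Split('|');
        if (parts.Length != 2 || !long.TryParse(parts[1], out var expiry))
            throw new FormatException("Expected '<user>|<unix-expiry>'");
        if (expiry < now) throw new TokenExpiredException(expiry);
        return parts[0];
    }
}

public static class Program
{
    // One catch block per known failure; anything unexpected propagates unmasked.
    static string Classify(string token, long now)
    {
        try { return "ok:" + TokenParser.Parse(token, now); }
        catch (TokenExpiredException) { return "expired"; }
        catch (FormatException) { return "malformed"; }
    }
    public static void Main()
    {
        long now = 1700000000; // constructed sample values below
        foreach (var t in new[] { "alice|1800000000", "alice|1600000000", "garbage" })
            Console.WriteLine($"{t} -> {Classify(t, now)}");
    }
}
```

With `ParseGeneric`, the same caller would need `catch (Exception)`, which also swallows unrelated failures such as a `NullReferenceException` from a null token.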

References

  1. CWE-397: Declaration of Throws for Generic Exception
  2. Dont Throw Generic Exceptions - c2.com
  3. Creating and Throwing Exceptions