422.2 Error and exception management

Overview

Error and exception management is the process of detecting, handling, and recovering from faults in a program. In secure software development, it's not enough to make programs that work when used correctly—they must also behave predictably and safely when something goes wrong.

User input, hardware failure, invalid operations, or environmental conditions may cause errors. Without proper handling, these faults can expose sensitive information, crash systems, or be exploited by attackers. Secure exception management helps ensure systems fail safely, not catastrophically.

Targets

In this topic, students learn to:

• Identify different types of errors and exceptions in programming

• Apply techniques for detecting and managing faults

• Design software that degrades safely under failure conditions

• Avoid revealing internal system details in error messages

What can go wrong?

Errors fall into several broad categories:

• Syntax errors – Prevent code from running; caught by the compiler or interpreter

• Logic errors – Code runs but produces incorrect results

• Runtime errors – Errors that occur while the program is running (e.g. file not found, division by zero)

Unchecked runtime errors are hazardous—they can crash systems or leak internal information such as stack traces, file paths, or variable states.

Best practices for secure error handling

1. Catch and handle exceptions explicitly

Use structured exception handling to prevent application crashes and control the flow of recovery.

try:
    result = 100 / int(user_input)
except ZeroDivisionError:
    print("Cannot divide by zero.")
except ValueError:
    print("Input must be a number.")

2. Fail securely

If something goes wrong, systems should default to a safe state. This means:

• Denying access rather than granting it by default

• Not continuing with partial or invalid data

• Rolling back failed transactions

If authentication fails, the system should lock the user out rather than granting access under uncertain conditions.

3. Avoid detailed error disclosure

Detailed error messages may be helpful during development but are dangerous in production. They may reveal:

• File paths

• Configuration details

• Internal logic

• Stack traces

Users should see a simple, friendly message. Developers should log the full error securely.

4. Centralise error handling

Use a common error-handling framework, middleware, or logging system. This ensures:

• Consistent handling across modules

• Unified logging for audit and investigation

• Easier maintenance and debugging

Logging and auditing

Secure software logs errors and exceptions:

• To track attempted exploits

• To understand causes of failure

• To support monitoring and forensic investigation

Logs should include:

• Timestamp and severity

• Description of the error

• Affected user or session (if relevant)

• Location in the code

Logs should never include sensitive data like passwords or personal information.

Summary

• Exceptions must be caught and handled intentionally to avoid unsafe program states

• Failure conditions should be anticipated and managed securely

• Error messages should be helpful to users without exposing internal details

• Logs are valuable for developers and security analysts but must be written securely