United States Department of Agriculture, Farm Services Agency, System Development Life Cycle (SDLC)
Development Process

Error Handling

One of the most important functions of error handling is to allow the application to fail securely. Applications should never display stack traces, server names, server IP addresses, or other technical information to a user, because an attacker can use this information in support of other attacks. Use standard error pages that display business-appropriate error messages. For Struts-based applications, it is recommended that an exception handler be created to work in conjunction with the error page. Consideration should also be given to logging all state information for the user, including the data in the request, session, and cookies, but errors and exceptions must not compromise the application by exposing Personally Identifiable Information (PII). Special attention must be given to ensure that no PII is included in the logs. Just as a firewall should fail closed, an application should fail securely!

 
The following practices help secure your application's error handling:

 
  • Do not leak information to the client
  • Detailed error messages should be logged for all exceptions that are caught
  • Ensure all open transactions are processed appropriately if an error is encountered during processing
  • Error messages should be informative, but should not reveal information about system internals or other sensitive data, including PII
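
The practices above, combined in one handler, as an added example that is not FSA code. It uses only the JDK rather than the Struts API; the `PII_KEYS` names, the `Tx` interface, and the sample request data and host name are assumptions constructed for illustration.

```java
import java.util.*;
import java.util.logging.*;

public class FailSecureHandler {
    private static final Logger LOG = Logger.getLogger("app.errors");
    // Assumed parameter names treated as PII; adjust to the application's data model.
    private static final Set<String> PII_KEYS = Set.of("ssn", "taxid", "dob", "accountnumber");

    /** Hypothetical stand-in for an open database transaction. */
    interface Tx { void rollback(); }

    /** Copies request/session/cookie state for logging, with PII values masked. */
    static Map<String, String> redact(Map<String, String> state) {
        Map<String, String> safe = new TreeMap<>();
        for (Map.Entry<String, String> e : state.entrySet()) {
            boolean pii = PII_KEYS.contains(e.getKey().toLowerCase(Locale.ROOT));
            safe.put(e.getKey(), pii ? "[REDACTED]" : e.getValue());
        }
        return safe;
    }

    /** Rolls back, logs full detail server-side, returns a generic user message. */
    static String handle(Exception ex, Map<String, String> requestState, Tx tx) {
        String incidentId = UUID.randomUUID().toString();
        try {
            if (tx != null) tx.rollback();   // never leave a transaction half-applied
        } catch (RuntimeException rollbackFailure) {
            LOG.log(Level.SEVERE, "incident " + incidentId + " rollback failed", rollbackFailure);
        }
        // Stack trace and redacted state go to the log only, keyed by the incident id.
        LOG.log(Level.SEVERE, "incident " + incidentId + " state=" + redact(requestState), ex);
        // The user sees no exception text, host name, or stack trace.
        return "We could not complete your request. Reference: " + incidentId;
    }

    public static void main(String[] args) {
        // Constructed sample input: one harmless field, one PII field.
        Map<String, String> state = Map.of("action", "saveLoan", "SSN", "000-00-0000");
        boolean[] rolledBack = {false};
        Exception ex = new IllegalStateException("connection to db01.internal refused");
        String shown = handle(ex, state, () -> rolledBack[0] = true);
        System.out.println(shown);                       // generic message plus reference id
        System.out.println("rolled back: " + rolledBack[0]);
    }
}
```

The incident id lets support staff find the detailed log entry without the user ever seeing internals. Exception messages can themselves carry PII (for example, a failed query that echoes its parameters), so they need the same review as the logged state.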


Last Modified: 03/19/09 2:12:00 PM

