4.8 Testing for Error Handling

Testing for Error Handling

Trigger Web Server errors:
- Search for random files and folders that will not be found (404s).
- Try to request folders that exist and see the server behavior (403s, blank page, or directory listing).
- Try sending a request that breaks the HTTP RFC. One example would be to send a very large path, break the headers format, or change the HTTP version.
Trigger Web Application errors:
- Identify possible input points where the application is expecting data.
- Analyse the expected input type (strings, integers, JSON, XML, etc.).
- Try to inject unexpected data like negative numbers, strings, random values, one extra bracket.
- Understand the service responding with the error message and try to make a more refined fuzz list to bring out more information or error details from that service (it could be a database, a standalone service, etc.).

Evidence:

This content has been merged into: Testing for Improper Error Handling.

Evidence:

Last updated 1 month ago