# 4.8 Testing for Error Handling

## [Testing for Error Handling](https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/README)

## 4.8.1 [Testing for Improper Error Handling](https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_For_Improper_Error_Handling)

* [ ] Trigger Web Server errors:
  * [ ] Search for random files and folders that will not be found (404s).
  * [ ] Try to request folders that exist and see the server behavior (403s, blank page, or directory listing).
  * [ ] Try sending a request that breaks the HTTP RFC. Examples include sending a very large path, breaking the header format, or changing the HTTP version.
* [ ] Trigger Web Application errors:
  * [ ] Identify possible input points where the application is expecting data.
  * [ ] Analyse the expected input type (strings, integers, JSON, XML, etc.).
  * [ ] Try to inject unexpected data such as negative numbers, strings, random values, or one extra bracket.
  * [ ] Identify which service is responding with the error message and build a more refined fuzz list to bring out more information or error details from that service (it could be a database, a standalone service, etc.).

**Evidence**:

```
​
```
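
When reviewing the responses collected from the checks above, the script below flags the disclosures that matter: stack traces, database errors, directory listings and version banners. It is an added example, not part of the OWASP guide; the patterns, the function names and the sample responses are constructed for illustration.

```python
import re

# Signatures of verbose error output. Illustrative, not exhaustive.
BODY_PATTERNS = {
    "java_stack_trace": re.compile(r"^\s+at [\w.$]+\([\w.]+:\d+\)", re.M),
    "python_traceback": re.compile(r"Traceback \(most recent call last\):"),
    "dotnet_stack_trace": re.compile(r"^\s+at [\w.]+\(.*\) in .+:line \d+", re.M),
    "sql_error": re.compile(r"SQL syntax|ORA-\d{5}|SQLSTATE\[\w+\]", re.I),
    "directory_listing": re.compile(r"<title>Index of /", re.I),
}
# Product name followed by a dotted version number, e.g. "nginx/1.18.0".
VERSION_BANNER = re.compile(r"\b(Apache|nginx|Microsoft-IIS|PHP)/\d+(\.\d+)+", re.I)
BANNER_HEADERS = ("server", "x-powered-by")

def find_disclosures(headers, body):
    """Return sorted labels for information an error response should not expose."""
    findings = [name for name, pat in BODY_PATTERNS.items() if pat.search(body)]
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in BANNER_HEADERS:
        if VERSION_BANNER.search(lowered.get(name, "")):
            findings.append(f"version_in_header:{name}")
    if VERSION_BANNER.search(body):
        findings.append("version_in_body")
    return sorted(findings)

# Constructed sample responses: (test performed, status, headers, body).
SAMPLES = [
    ("missing file", 404, {"Server": "nginx"}, "<h1>Not Found</h1>"),
    ("existing folder", 200, {"Server": "Apache/2.4.41 (Ubuntu)"},
     "<html><head><title>Index of /backup</title></head></html>"),
    ("string in integer field", 500, {},
     'java.lang.NumberFormatException: For input string: "abc"\n'
     "\tat com.example.shop.Cart.total(Cart.java:42)\n"),
    ("extra bracket", 500, {"X-Powered-By": "PHP/7.4.3"},
     "You have an error in your SQL syntax near ')' at line 1"),
]

def review(samples):
    """Map each test label to the disclosures found in its response."""
    return {label: find_disclosures(h, b) for label, _status, h, b in samples}

if __name__ == "__main__":
    for label, findings in review(SAMPLES).items():
        print(f"{label}: {', '.join(findings) or 'no disclosure detected'}")
```

A response with no findings, such as the generic 404 in the first sample, is the behaviour to aim for on every error path.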

## 4.8.2 [Testing for Stack Traces](https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/02-Testing_for_Stack_Traces)

This content has been merged into: [Testing for Improper Error Handling](https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/01-Testing_For_Improper_Error_Handling).

**Evidence**:

```
​
```
