STIGQter: STIG Summary: Application Security and Development Security Technical Implementation Guide, Version: 5, Release: 1, Benchmark Date: 23 Oct 2020

The application must not be subject to error handling vulnerabilities.

DISA Rule

SV-222656r508029_rule

Vulnerability Number

V-222656

Group Title

SRG-APP-000516

Rule Version

APSC-DV-003235

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Ensure proper return code and exception handling is implemented throughout the application.

Check Contents

Review the application documentation, code review reports and the results from static code analysis tools.

Identify the most recent security scans and code analysis testing conducted. Verify testing configuration includes tests for error handling issues.

Check test results for identified error handling vulnerabilities within the application.

If the test results indicate the existence of error handling vulnerabilities and no remediation evidence is presented, this is a finding.

If no test results are available for review, this is a finding.

Documentable

False

Severity Override Guidance

Review the application documentation, code review reports and the results from static code analysis tools.

Identify the most recent security scans and code analysis testing conducted. Verify testing configuration includes tests for error handling issues.

Check test results for identified error handling vulnerabilities within the application.

If the test results indicate the existence of error handling vulnerabilities and no remediation evidence is presented, this is a finding.

If no test results are available for review, this is a finding.

Check Content Reference

M

Target Key

4093

Comments