Descriptive Error Message Using invalid payloads
Verifies that error messages do not leak sensitive information, specifically stack traces, whose exposure weakens application security.
Verbose Error Messages (VEM)
How this template works
APIs Selection
The template uses the "contains_either" filter to select API requests whose HTTP method is "PUT", "POST", or "PATCH", so that only requests with these methods are targeted for testing.
Execute request
The template executes a single request in which the original request body is replaced with a random payload of special characters and emojis. This payload is used to observe the error message the API generates when it receives an invalid body.
Validation
The template validates the response payload by checking whether it contains any of the keywords "column", "row", "line", "function", "class", "stack", or "trace". If any of these keywords is found, the error message may be leaking internal details such as a stack trace, which an attacker can use to learn about the application's implementation.
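As an added illustration (not Akto's own template code), the validation step's keyword check and the invalid-payload generation in Python, run against two constructed responses; the character pool, the seed parameter and the sample responses are assumptions made for this example:

```python
import random
import re

# Keywords the validation step looks for in the response payload.
LEAK_KEYWORDS = ("column", "row", "line", "function", "class", "stack", "trace")

# Constructed character pool (assumption; the template's own random payload is not reproduced).
SPECIAL_CHARS = "!@#$%^&*()[]{}<>\"'\\;:/?`~"
EMOJIS = "😀🔥💥🧨🚀🐛"


def random_invalid_payload(length: int = 32, seed=None) -> str:
    """Build a body of special characters and emojis that no JSON/XML schema should accept.

    A seed is accepted only so a test run is reproducible."""
    rng = random.Random(seed)
    pool = SPECIAL_CHARS + EMOJIS
    return "".join(rng.choice(pool) for _ in range(length))


def leaked_keywords(response_body: str) -> list:
    """Return the leak keywords present in the body (case-insensitive, whole words only).

    Whole-word matching avoids flagging e.g. 'inline' or 'rowing'; a hit is still only a
    signal, because legitimate fields (a 'row' id, a 'line' item) can match and need triage."""
    lowered = response_body.lower()
    return [kw for kw in LEAK_KEYWORDS if re.search(rf"\b{kw}\b", lowered)]


def is_verbose_error(response_body: str) -> bool:
    """True when the response looks like a verbose error message (template 'fails')."""
    return bool(leaked_keywords(response_body))


# Constructed sample responses: one leaking parser position and a stack trace, one generic.
VERBOSE_RESPONSE = (
    '{"error": "Unexpected token at line 1 column 3", '
    '"trace": "java.lang.IllegalArgumentException at '
    'com.example.api.OrderController.create(OrderController.java:42)"}'
)
SAFE_RESPONSE = '{"error": "Malformed request body", "code": "BAD_REQUEST"}'

if __name__ == "__main__":
    print("payload:", random_invalid_payload(16, seed=7))
    print("verbose response flagged:", leaked_keywords(VERBOSE_RESPONSE))
    print("safe response flagged:", is_verbose_error(SAFE_RESPONSE))
```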
Frequently asked questions
What is the purpose of the DESCRIPTIVE_ERROR_MESSAGE test?
How does the DESCRIPTIVE_ERROR_MESSAGE test impact application security?
What is the category and subcategory of the DESCRIPTIVE_ERROR_MESSAGE test?
What are the severity and impact levels associated with the DESCRIPTIVE_ERROR_MESSAGE test?
What are the recommended HTTP methods for applying the DESCRIPTIVE_ERROR_MESSAGE test?
What are the references for further information on improper error handling?
"The text editor in Akto is absolutely remarkable. Its user-friendly YAML format strikes the perfect balance between simplicity and power. With intuitive features like 'API selection filter', 'Execute', 'Validate', creating test rules becomes incredibly easy. Akto's test editor is a game-changer, enabling seamless creation of highly personalized and effective tests that could meet the needs of any modern-day organization."

Security team,
Rippling