Information Leakage Errors A Serious Threat
Information leakage accounted for only 17 percent of Web applications tested by Cenzic in 2012, but the danger posed by the vulnerability makes finding and eradicating them extremely critical. Web applications can leak information in a variety of ways. Sometimes an attacker can get the application to crash, prompting an error message that reveals clues to the underlying infrastructure supporting the application or the application itself. Poorly implemented encryption also can yield information to an attacker.