CWE-703

Improper Check or Handling of Exceptional Conditions

Weakness Description

The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

Common Consequences

ConfidentialityAvailabilityIntegrity
Read Application DataDoS: Crash, Exit, or RestartUnexpected State

Detection Methods

Dynamic Analysis with Manual Results Interpretation

According to SOAR [REF-1479], the following detection techniques may be useful: ``` Highly cost effective: ``` Fault Injection - source code Fault Injection - binary ``` Cost effective for partial coverage: ``` Forced Path Execution

Effectiveness: High

Manual Static Analysis - Source Code

According to SOAR [REF-1479], the following detection techniques may be useful: ``` Highly cost effective: ``` Manual Source Code Review (not inspections) ``` Cost effective for partial coverage: ``` Focused Manual Spotcheck - Focused manual analysis of source

Effectiveness: High

Automated Static Analysis - Source Code

According to SOAR [REF-1479], the following detection techniques may be useful: ``` Cost effective for partial coverage: ``` Source code Weakness Analyzer Context-configured Source Code Weakness Analyzer

Effectiveness: SOAR Partial

Architecture or Design Review

According to SOAR [REF-1479], the following detection techniques may be useful: ``` Highly cost effective: ``` Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.) Formal Methods / Correct-By-Construction

Effectiveness: High

Advertisement

Related Resources

Browse CWE Database

Explore 493 software weaknesses

CVE Database

Search 294,000+ vulnerabilities

Security Writeups

Learn from real-world examples

About 4nuxd

Cybersecurity research & tools

Contact Us

Get in touch for collaboration

Homepage

Explore more security resources