Exception handling is a technique you should use everywhere in every application. Like input scrubbing, this technique not only increases the security of your application, but it makes for a more robust experience for legitimate users. Now that we’re clear on this, let’s prioritize where to use exception handling if you don’t have the time, budget, or inclination to put it everywhere.

If you have an application you are retroactively adding security features to, and you don’t have the time to add exception handling throughout the entire application, at a minimum ensure you add a global exception handler and local exception handlers wherever your application is interfacing with user input, databases, files, and external systems.