The correct answer is A: Implementing a logging framework.
The vulnerable code uses:
e.printStackTrace();
In Java applications, printStackTrace() can expose sensitive internal details, such as class names, file paths, line numbers, application logic, database errors, and other implementation information. If this output is displayed to users or written insecurely, it can help an attacker understand the application and craft further attacks.
The best remediation is to replace direct stack trace printing with a proper logging framework, such as Log4j, SLF4J, or java.util.logging, configured with appropriate log levels and secure log handling. A logging framework allows developers to record useful diagnostic information while controlling where logs are stored, what level of detail is included, and whether sensitive data is exposed.
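The following is an added illustration, not code from the question or from any real application: the flagged catch block beside its remediated form, using the JDK's own java.util.logging so it runs with no extra dependencies. The loadRecord() stub and its error text are constructed stand-ins for a failing data-access call.

```java
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

public class ErrorHandlingExample {
    private static final Logger LOG = Logger.getLogger(ErrorHandlingExample.class.getName());

    // Constructed stand-in for a data-access call that fails with a
    // backend-specific message (hypothetical, for demonstration only).
    static void loadRecord(String id) {
        throw new IllegalStateException("SQLSTATE 42S02: table APP.ACCOUNTS not found");
    }

    // BEFORE: the pattern the SAST finding flags. The full trace (class names,
    // source file names, line numbers, driver message) goes to stderr and, in a
    // servlet, the exception text is concatenated straight into the response.
    static String handleRequestVulnerable(String id) {
        try {
            loadRecord(id);
            return "ok";
        } catch (Exception e) {
            e.printStackTrace();
            return "Error: " + e;   // implementation detail reaches the client
        }
    }

    // AFTER: the remediation. The exception is recorded through the logging
    // framework at a fixed level, the trace stays server-side, and the client
    // sees only a generic message plus an opaque correlation id that an operator
    // can search for in the log.
    static String handleRequestRemediated(String id) {
        try {
            loadRecord(id);
            return "ok";
        } catch (Exception e) {
            String correlationId = UUID.randomUUID().toString();
            LOG.log(Level.SEVERE, "Request failed, correlationId=" + correlationId, e);
            return "An internal error occurred. Reference: " + correlationId;
        }
    }

    public static void main(String[] args) {
        System.out.println(handleRequestVulnerable("42"));
        System.out.println(handleRequestRemediated("42"));
    }
}
```

Where the log is written, which level is kept, and who can read it are then controlled centrally through the framework's configuration (for java.util.logging, the handlers and levels in logging.properties) rather than by each catch block.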
B is incorrect because simply removing the reported code lines may break exception handling and does not provide a proper secure error-handling solution.
C is incorrect because secure coding awareness is useful as a long-term improvement, but it does not directly remediate this specific vulnerable code.
D is incorrect because this is not a false positive. Direct use of printStackTrace() is commonly flagged by SAST tools because it can result in information disclosure.
In PenTest+ terms, this falls under Tools and Code Analysis, specifically SAST findings, insecure error handling, information disclosure, and secure coding remediation.