OWASP Top 10: Sensitive Data Exposure - DeepSource

An overview of the sensitive data exposure security threat from the OWASP Top 10, followed by a few examples of attack scenarios and how they can be prevented.

In a previous post, we covered the broken authentication security threat in detail. In this post, we’re going to talk about security threats caused by sensitive data exposure.

Sensitive data exposure

As the name suggests, this security threat occurs when a web application doesn’t adequately protect sensitive information such as session tokens, passwords, banking information, location, health data, or any similar crucial data whose leak can be critical for the user. This threat affects users the most and can lead to financial loss, access to the victim’s accounts, and blackmail, which ultimately results in decreased trust in the brand.

When is the application vulnerable?

  • Hardcoding data like tokens, secret keys, and passwords in the source code.

  • Logging sensitive data in server logs.

  • Caching sensitive data.

  • Transmitting sensitive information in plain text.

  • Using old or weak cryptographic algorithms.

  • Using default crypto keys, generating or re-using weak crypto keys.

  • User-agent (e.g. app, API) not validating the received server certificate, which can result in a rogue server masquerading as a legitimate server. An SSL-enabled client goes through the following steps to authenticate a server’s identity:

      • Is today’s date within the validity period?

      • Is the issuing CA a trusted CA?

      • Does the issuing CA’s public key validate the issuer’s digital signature?

      • Does the domain name in the server’s certificate match the domain name of the server itself?
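The four checks above map onto two switches in a TLS client: chain verification (validity period, trusted CA, issuer signature) and hostname matching. The following is an added example, not code from the original post, that audits a Python `ssl.SSLContext` for the weak settings in this list; the function names and finding codes are assumptions made for illustration.

```python
import ssl


def hardened_client_context() -> ssl.SSLContext:
    """Client context that performs all four server-identity checks."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname check + system CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse old protocol versions
    return ctx


def insecure_client_context() -> ssl.SSLContext:
    """The anti-pattern from the list: accepts any certificate from any server."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE  # skips validity, trusted-CA and signature checks
    return ctx


def audit_client_context(ctx: ssl.SSLContext) -> list:
    """Return finding codes (hypothetical names) for weak client TLS settings."""
    findings = []
    # Validity period, trusted CA and issuer signature are only checked
    # when the peer certificate chain is required and verified.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain-not-verified")
    # Matching the certificate's domain name is a separate switch.
    if not ctx.check_hostname:
        findings.append("hostname-not-checked")
    # Old protocol versions fall under "old or weak cryptographic algorithms".
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("old-protocol-allowed")
    return findings


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()),
                      ("insecure", insecure_client_context())):
        print(name, audit_client_context(ctx) or "no findings")
```

Running the same audit over the context objects an application actually constructs (for example in a unit test) catches a disabled certificate check before it ships.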
