owasp
sensitive data exposure occurs when an application like a smartphone app or a browser, does not protect information such as passwords or payment info adequately.
Example
SSL is not used for all authenticated pages.Attacker can simply monitors network traffic and steals the user’s session cookie.
Impact
Failure compromises data that should have been protected. Typically, this information includes sensitive personal information data such as health records, personal data and credit cards.
Mitigation / Precaution
- Make sure to encrypt all sensitive data that are at rest.
- Disable caching for the responses that may contain sensitive data.
- Store all passwords using adaptive and salted hashing functions for better security.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
