Sensitive Data Exposure OWASP 2013

By
Nash N Sulthan
Published on
24 Mar 2022
owasp

Many of the web applications do not properly protect their sensitive datas. Attackers may modify or steal such weakly protected data to conduct identity theft or other crimes. Sensitive data deserve extra protection such as encryption at rest and in transit.

Example

If the password database uses unsalted hashes to store passwords. A flaw in file upload that allows an attacker to retrieve the password file. All of the unsalted hashes will be exposed.

Impact

Sensitive Data Exposure frequently compromises all data that should have been protected. Typically, this information includes sensitive data such as credentials, personal data, credit cards.

Mitigation / Precaution

  • Make sure to encrypt all sensitive data that are at rest.
  • Disable caching for the responses that may contain sensitive data.
  • Store all passwords using adaptive and salted hashing functions for better security.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Nash N Sulthan
Nash N Sulthan
Cyber Security Lead Engineer
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
Find surface-level website security issues in under a minute
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.