3. Sensitive data exposure
Financial or personal data is stored or transferred without adequate protection.
What it is
Sensitive data, such as credit card numbers, health records, or passwords, needs extra protection because of the damage that follows when it falls into the wrong hands. Regulations and standards (PCI DSS for card data, for example) set minimum requirements, but data that is stored, transmitted, or protected with inadequate methods is still exposed to attackers.
How it works
Data that is stored or transmitted in plain text, or protected with old or weak encryption that an attacker can break, gives the attacker direct access to the information. The same applies when the data is nominally encrypted but the keys are poorly managed, or when sensitive values are copied into places with weaker controls, such as log files.
Why it’s bad
Once an attacker obtains passwords, credit card numbers, personal information, health records, or business secrets, they can do real damage both to the people the data describes and to the company that leaked it.
Countermeasures
Identify and secure data deemed sensitive according to privacy laws, regulatory requirements, or business needs.
Don’t store sensitive data unnecessarily. Discard it as soon as possible, use PCI DSS compliant tokenization, or truncate it (for example, keep only the last four digits of a card number). Data that is not retained cannot be stolen.
Rather than building your own payment handling, integrate with a PCI DSS compliant third-party payment provider so that card data is handled by their systems instead of yours.
Do not write sensitive data to log files; mask or drop it before the log record is emitted.
Encrypt all data in transit with secure protocols, such as TLS. Enforce encryption using directives like HTTP Strict Transport Security (HSTS).
Ensure up-to-date and strong standard algorithms, protocols, and keys are in place. Use proper key management.
Independently verify the effectiveness of configuration and settings through manual review and testing and with DAST tool scans.
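The "do not log sensitive data" and truncation countermeasures above, as an added example that is not code from the original page: a Python logging filter that masks Luhn-valid card numbers down to their last four digits before a record reaches any handler, so that a card number passed as a log argument never lands in the log file. The names PanRedactingFilter, redact_pans and redacted_log_message are this example's own, and the card number used is the public Visa test number, not a real card.

```python
import logging
import re

# Runs of 13 to 19 digits, optionally separated by single spaces or dashes
# (the lengths used by real card numbers); the Luhn check filters out the rest.
_PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: every real card number passes, most order IDs and timestamps do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep only the last four digits, the most a receipt or UI needs to show."""
    return "*" * (len(digits) - 4) + digits[-4:]


def redact_pans(text: str) -> str:
    """Replace every Luhn-valid card number in `text` with its masked form."""
    def _replace(match: re.Match) -> str:
        raw = match.group(0)
        digits = re.sub(r"[ -]", "", raw)
        return mask_pan(digits) if luhn_ok(digits) else raw
    return _PAN_RE.sub(_replace, text)


class PanRedactingFilter(logging.Filter):
    """Attach to a logger or handler; scrubs the fully formatted message."""
    def filter(self, record: logging.LogRecord) -> bool:
        # Format once with the original args, then drop them so no handler
        # can re-format the record and reintroduce the raw value.
        record.msg = redact_pans(record.getMessage())
        record.args = ()
        return True


def redacted_log_message(msg: str, *args) -> str:
    """Helper for the demo and tests: what a handler sees after the filter runs."""
    record = logging.LogRecord("wallet", logging.INFO, "wallet.py", 0, msg, args, None)
    PanRedactingFilter().filter(record)
    return record.getMessage()


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    log = logging.getLogger("wallet")
    log.addFilter(PanRedactingFilter())
    # Constructed sample: the Visa test number plus a non-card 16-digit order id.
    log.info("charge ok card=%s order=%s", "4111 1111 1111 1111", "1234567890123456")
```

The Luhn check matters in practice: a bare "any 16 digits" rule would also mangle order numbers and timestamps, and teams then disable the filter. Masking to the last four digits is the display form PCI DSS permits, so the redacted line is still useful for support staff.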
Sensitive data exposure example
A request retrieves the credit card information in a user’s wallet for viewing or editing.
In a safe implementation the full card data does not appear in the response body at all: the server returns only what the page needs to display (for example a masked number and expiry date), and the complete card number and CVV never leave the backend. The vulnerable response, by contrast, returns the card number, status, and CVV in plain text in the JSON body, where anyone able to read the response can harvest them. The CVV in particular should never be stored after authorization, so its presence in a wallet response points to a second, more serious problem in how the data is retained.
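The wallet example above, written out as added example code that is not the original page's and not any real product's: the same card is persisted two ways, once as the anti-pattern (full number and CVV retained and echoed back) and once truncated and tokenized, and a small check shows how a test suite can flag a response that leaks card data. The route GET /wallet/cards/<id> and the names CardInput, store_card_vulnerable, store_card_hardened and leaks_card_data are hypothetical; the token is a random string standing in for the reference a payment provider's vault would return, and the card number is the public Visa test number.

```python
import json
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class CardInput:
    """What the customer submits at checkout (constructed sample data only)."""
    holder: str
    pan: str
    cvv: str
    exp_month: int
    exp_year: int


def store_card_vulnerable(card: CardInput, status: str = "active") -> dict:
    """The anti-pattern: the wallet record keeps the full PAN and the CVV,
    so whatever is stored is also what the API will later return."""
    return {
        "id": secrets.token_hex(8),
        "holder": card.holder,
        "number": card.pan,
        "cvv": card.cvv,  # must never be retained after authorization
        "expires": f"{card.exp_month:02d}/{card.exp_year}",
        "status": status,
    }


def store_card_hardened(card: CardInput, status: str = "active") -> dict:
    """Retains only a reference token plus the truncated PAN; the CVV is used
    once for authorization and then dropped. Assumption: the token here is an
    opaque random string standing in for a payment provider's vault reference."""
    return {
        "id": secrets.token_hex(8),
        "holder": card.holder,
        "token": "tok_" + secrets.token_urlsafe(16),
        "last4": card.pan[-4:],
        "expires": f"{card.exp_month:02d}/{card.exp_year}",
        "status": status,
    }


def wallet_view(record: dict) -> str:
    """Body of the hypothetical GET /wallet/cards/<id>: the stored record as JSON."""
    return json.dumps(record)


def leaks_card_data(body: str, pan: str) -> bool:
    """Check a test suite or DAST rule can apply to any wallet response:
    the full card number must not appear and there must be no CVV field."""
    try:
        fields = json.loads(body)
    except ValueError:
        fields = {}
    return pan in body or (isinstance(fields, dict) and "cvv" in fields)


if __name__ == "__main__":
    # Constructed sample using the Visa test number, not a real card.
    sample = CardInput("A. Tester", "4111111111111111", "123", 12, 2030)
    for label, record in (("vulnerable", store_card_vulnerable(sample)),
                          ("hardened", store_card_hardened(sample))):
        body = wallet_view(record)
        print(f"{label}: {body}\n  leaks card data: {leaks_card_data(body, sample.pan)}")
```

The point of the hardened variant is that the API cannot leak what the database never held: a UI that only needs to show "Visa ending 1111, expires 12/2030" is served by the truncated record, and any charge goes through the provider using the token. The leaks_card_data check is deliberately crude; in a real test suite it would run against every endpoint that can return a wallet record, not just the one under review.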