When an application stores or uses sensitive information (credit card numbers, social security numbers, health records, passwords, and so on), special measures should be taken to protect it, because a compromise could result in severe reputational, economic, or even legal damage to the organization responsible for its protection.
Sensitive data exposure holds sixth place in the OWASP Top 10 vulnerabilities. It happens when data that should be especially protected is exposed in clear text or is protected with weak security measures.
In this recipe, we will cover some of the best practices when handling, communicating, and storing this type of data.