A6 – Protecting sensitive data
When an application stores or uses sensitive information (credit card numbers, social security numbers, health records, passwords, and so on), special measures should be taken to protect it: a breach that compromises such data can cause severe reputational, economic, or even legal damage to the organization responsible for protecting it.
Sixth place in the OWASP Top 10 is sensitive data exposure, which happens when data that should receive special protection is exposed in clear text or guarded only by weak security measures.
In this recipe, we will cover some of the best practices when handling, communicating, and storing this type of data.
How to do it...
If the sensitive data you use can be deleted after use, do it. It is much better to ask users for their credit card every time than to have it stolen in a breach.
When processing payments, always prefer the use of a payment gateway instead of storing such data in your servers....
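The two steps above (keep sensitive data only as long as it is needed, and let a payment gateway hold card data instead of your own servers) can be demonstrated in code. The following Python example is added here and is not part of the original recipe. It assumes a hypothetical `fake_gateway_tokenize` function standing in for a real gateway's tokenization API, and a constructed test card number; the record that the application keeps contains only the gateway token and a masked form of the number, and the buffer holding the card number is overwritten once the gateway call is done.

```python
"""Added example: use a card number transiently and persist only a gateway token.

Assumptions (not from the original text): the payment gateway is modelled by the
hypothetical `fake_gateway_tokenize` function below; a real integration would
call the provider's API and receive the token from it.
"""
import secrets
from contextlib import contextmanager
from typing import Iterator


@contextmanager
def transient_secret(value: str) -> Iterator[bytearray]:
    """Hold a secret in a mutable buffer and overwrite it when the block exits.

    Python str objects are immutable and may be copied by the interpreter, so
    this bounds the lifetime of this one copy only; it is a best-effort measure,
    not a guarantee that the value is gone from process memory.
    """
    buf = bytearray(value.encode("ascii"))
    try:
        yield buf
    finally:
        for i in range(len(buf)):
            buf[i] = 0


def fake_gateway_tokenize(pan: bytes) -> str:
    """Stand-in for a payment gateway's tokenization call (constructed).

    A real gateway stores the card on its side and returns an opaque token that
    carries no information about the card number; we model that with random
    bytes so the token cannot be reversed into the PAN.
    """
    return "tok_" + secrets.token_hex(12)


def mask_pan(pan: bytes) -> str:
    """Return a display-safe form of the card number: only the last four digits."""
    digits = pan.decode("ascii")
    return "*" * (len(digits) - 4) + digits[-4:]


def store_card_unsafe(pan: str, cvv: str) -> dict:
    """Anti-pattern: the full PAN and the CVV end up in the application's own record."""
    return {"pan": pan, "cvv": cvv}


def store_card_minimized(pan: str) -> dict:
    """Recommended pattern: use the card once, then keep only token and masked form.

    The CVV is never accepted by this function at all, since it must not be
    stored after authorization.
    """
    with transient_secret(pan) as buf:
        token = fake_gateway_tokenize(bytes(buf))
        masked = mask_pan(bytes(buf))
    # buf has been zeroed; the record below contains no recoverable card number
    return {"token": token, "display": masked}


def contains_pan(record: dict, pan: str) -> bool:
    """Check whether a record (or anything about to be logged) leaks the full PAN.

    Useful as a guard in tests and before writing audit or debug logs.
    """
    return any(isinstance(v, str) and pan in v for v in record.values())


if __name__ == "__main__":
    card = "4111111111111111"  # constructed test number, not a real card
    print("unsafe record leaks PAN:", contains_pan(store_card_unsafe(card, "123"), card))
    safe = store_card_minimized(card)
    print("minimized record:", safe, "leaks PAN:", contains_pan(safe, card))
```

The `contains_pan` check is the kind of assertion worth keeping in a test suite: it fails the build if a code change ever causes the full card number to reappear in a persisted record or a log line.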