A6 – Sensitive Data Exposure
Sensitive data exposure concerns the revelation of information to parties who should not have it, that is, information disclosure. The OWASP document defines it as follows:
"Many web applications do not properly protect sensitive data, such as credit cards, tax IDs, and authentication credentials. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data deserves extra protection such as encryption at rest or in transit, as well as special precautions when exchanged with the browser."
This category covers the disclosure of sensitive information when that information can be used not only in a cyber attack but also in certain kinds of theft, such as what may happen when health records, credentials, personal data, or credit card numbers are exposed.
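The quotation above names clear-text storage of credentials and card numbers as the core problem and encryption or hashing at rest as the remedy. The following is an added example, not code from the page or from OWASP, that contrasts the two: a constructed record as an application might persist it in clear text, an audit routine that flags Luhn-valid card-like numbers appearing in clear text (a heuristic, not a full data-discovery tool), and a hardened form of the same record that keeps only a salted PBKDF2 hash of the password and the last four digits of the card. The card number used is the widely published Visa test PAN, not a real card; all names and the record layout are assumptions made for the example.

```python
import hashlib
import hmac
import os
import re
from typing import Optional

# Constructed sample record, shaped the way a careless application might store it.
WEAK_RECORD = {
    "user": "alice",
    "password": "correct horse battery staple",
    "card_number": "4111111111111111",  # published test PAN, not a real card
}

# Card-like runs of 13 to 19 digits; Luhn filtering below removes most false positives.
PAN_RE = re.compile(r"\b\d{13,19}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: separates card-like numbers from arbitrary digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_clear_text_pans(text: str) -> list:
    """Return Luhn-valid card numbers that appear in clear text (audit helper)."""
    return [m for m in PAN_RE.findall(text) if luhn_valid(m)]


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 600_000) -> str:
    """Salted PBKDF2-HMAC-SHA256; the stored string carries its own parameters."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash from the stored parameters and compare in constant time."""
    _algo, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def mask_pan(pan: str) -> str:
    """Keep only the last four digits, which is all most display paths need."""
    return "*" * (len(pan) - 4) + pan[-4:]


def harden_record(record: dict) -> dict:
    """Persist a verifier for the password and a masked card reference instead of the secrets."""
    return {
        "user": record["user"],
        "password_hash": hash_password(record["password"]),
        "card_last4": mask_pan(record["card_number"]),
    }


if __name__ == "__main__":
    print("clear-text PANs in weak record:", find_clear_text_pans(str(WEAK_RECORD)))
    hardened = harden_record(WEAK_RECORD)
    print("clear-text PANs in hardened record:", find_clear_text_pans(str(hardened)))
    print("login works against hash:",
          verify_password(WEAK_RECORD["password"], hardened["password_hash"]))
```

Running the script shows the audit flagging the test PAN in the weak record and nothing in the hardened one, while the login check still succeeds against the stored hash. Masking and hashing are the right tools when the application only needs to verify or display the data; where the full card number must be recoverable (for example to charge it later), storage should use authenticated encryption with keys held outside the database, or, better, a payment processor's tokenization service.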
The vulnerability scenarios presented in the official documentation remind us that, for this kind of data, we should confirm the following:
Check whether any of this data is stored in clear text (for...