Monday, May 19, 2025
HomeOWASP - Top 10A6-Sensitive Data Exposure

A6-Sensitive Data Exposure

Published on

SIEM as a Service

Follow Us on Google News

Sensitive Data Exposure is difficult to exploit wheres prevalence and detect-ability is less common, but the impact is severe. Clearly if some sensitive data is leaked it will cause a severe fall out.

Here we have a user login’s into a website over HTTP which has no encryption, in this case attacker can get into the network and sniff the traffic which is also called as Man in the middle attack(MITM). Then attacker can clearly gain access to any of the data going over the connection.So they can easily retrieve user’s password, also the attacker can manipulate data sent over http.

Understanding Sensitive data Exposure

  1. Insufficient use of SSL (Login page with http,Mixed mode,Cookies not sent securely).
  2. Bad cryptography (Incorrect password usage,Weak algorithm,Poor protection of keys).
  3. Some other risks (Browser auto-complete,Disclosure via URL,Leaked logs).

Common Defences

  1. Minimize sensitive data collection(Reduce the window for storage).
  2. Apply HTTPS everywhere (Login pages and everything should be https).
  3. Use Cryptostorage for passwords (Use hash algorithms designed for password,Secure key Management).
Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Chinese APT Hackers Target Organizations Using Korplug Loaders and Malicious USB Drives

Advanced persistent threat (APT) groups with ties to China have become persistent players in...

Cache Timing Techniques Used to Bypass Windows 11 KASLR and Reveal Kernel Base

Cache timing side-channel attacks have been used to circumvent Kernel Address Space Layout Randomization...

Hackers Exploit AutoIT Scripts to Deploy Malware Targeting Windows Systems

Cybersecurity researchers have unearthed a sophisticated attack leveraging AutoIT, a long-standing scripting language known...

New Report Finds 67% of Organizations Experienced Cyber Attacks in the Last Year

A disturbing 67% of businesses in eight worldwide markets—the US, UK, Spain, the Netherlands,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

OWASP Smart Contract Top 10 2025 Released – What’s new!

The Open Web Application Security Project (OWASP) has released its updated Smart Contract Top 10 for...

What is XSS (Cross-Site Scripting)? – A Detailed Understanding Of the Type of XSS

XSS is a very commonly exploited vulnerability type that is very widely spread and...

Cross-Site Request Forgery (CSRF) – An OWASP Vulnerability – Detailed Explanation

Cross Site Request Forgery is one of the most common form of attack by...