Wednesday, April 2, 2025
Follow us On Linkedin
HomeOWASP - Top 10A6-Sensitive Data Exposure

A6-Sensitive Data Exposure

OWASP - Top 10

Published on

By Gurubaran
A6-Sensitive Data Exposure

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Sensitive Data Exposure is difficult to exploit wheres prevalence and detect-ability is less common, but the impact is severe. Clearly if some sensitive data is leaked it will cause a severe fall out.

Here we have a user login’s into a website over HTTP which has no encryption, in this case attacker can get into the network and sniff the traffic which is also called as Man in the middle attack(MITM). Then attacker can clearly gain access to any of the data going over the connection.So they can easily retrieve user’s password, also the attacker can manipulate data sent over http.

Understanding Sensitive data Exposure

  1. Insufficient use of SSL (Login page with http,Mixed mode,Cookies not sent securely).
  2. Bad cryptography (Incorrect password usage,Weak algorithm,Poor protection of keys).
  3. Some other risks (Browser auto-complete,Disclosure via URL,Leaked logs).

Common Defences

  1. Minimize sensitive data collection(Reduce the window for storage).
  2. Apply HTTPS everywhere (Login pages and everything should be https).
  3. Use Cryptostorage for passwords (Use hash algorithms designed for password,Secure key Management).
Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

cyber security

Hackers Use DeepSeek and Remote Desktop Apps to Deploy TookPS Malware

A recent investigation by cybersecurity researchers has uncovered a large-scale malware campaign leveraging the...
cyber security

SmokeLoader Malware Uses Weaponized 7z Archives to Deliver Infostealers

A recent malware campaign has been observed targeting the First Ukrainian International Bank (PUMB),...
cyber security

New Malware Targets Magic Enthusiasts to Steal Logins

A newly discovered malware, dubbed Trojan.Arcanum, is targeting enthusiasts of tarot, astrology, and other...
Cyber Attack

Hackers Exploit Cloudflare for Advanced Phishing Attacks

A sophisticated phishing campaign orchestrated by a Russian-speaking threat actor has been uncovered, revealing...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

Register Now

More like this

Cyber Security News

OWASP Smart Contract Top 10 2025 Released – What’s new!

The Open Web Application Security Project (OWASP) has released its updated Smart Contract Top 10 for...
Computer Security

What is XSS (Cross-Site Scripting)? – A Detailed Understanding Of the Type of XSS

XSS is a very commonly exploited vulnerability type that is very widely spread and...
OWASP - Top 10

Cross-Site Request Forgery (CSRF) – An OWASP Vulnerability – Detailed Explanation

Cross Site Request Forgery is one of the most common form of attack by...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved