Categories: OWASP - Top 10

A6-Sensitive Data Exposure

Sensitive Data Exposure is difficult to exploit wheres prevalence and detect-ability is less common, but the impact is severe. Clearly if some sensitive data is leaked it will cause a severe fall out.

Here we have a user login’s into a website over HTTP which has no encryption, in this case attacker can get into the network and sniff the traffic which is also called as Man in the middle attack(MITM). Then attacker can clearly gain access to any of the data going over the connection.So they can easily retrieve user’s password, also the attacker can manipulate data sent over http.

Understanding Sensitive data Exposure

  1. Insufficient use of SSL (Login page with http,Mixed mode,Cookies not sent securely).
  2. Bad cryptography (Incorrect password usage,Weak algorithm,Poor protection of keys).
  3. Some other risks (Browser auto-complete,Disclosure via URL,Leaked logs).

Common Defences

  1. Minimize sensitive data collection(Reduce the window for storage).
  2. Apply HTTPS everywhere (Login pages and everything should be https).
  3. Use Cryptostorage for passwords (Use hash algorithms designed for password,Secure key Management).
Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

View Comments

Leave a Comment
Share
Published by
Gurubaran
8 years ago

Recent Posts

Cisco Nexus Vulnerability Allows Attackers to Inject Malicious Commands

Cisco Systems has issued a critical security advisory for a newly disclosed command injection vulnerability…

16 minutes ago

New Wi-Fi Jamming Attack Can Disable Specific Devices

A newly discovered Wi-Fi jamming technique enables attackers to selectively disconnect individual devices from networks…

24 minutes ago

GitLab Vulnerabilities Allow Attackers to Bypass Security and Run Arbitrary Scripts

GitLab has urgently released security updates to address multiple high-severity vulnerabilities in its platform that…

2 hours ago

LibreOffice Flaws Allow Attackers to Run Malicious Files on Windows

A high-severity security vulnerability (CVE-2025-0514) in LibreOffice, the widely used open-source office suite, has been…

3 hours ago

Cisco Nexus Switch Vulnerability Allows Attackers to Cause DoS

Cisco Systems has disclosed a high-severity vulnerability (CVE-2025-20111) in its Nexus 3000 and 9000 Series…

3 hours ago

Silver Fox APT Hackers Target Healthcare Services to Steal Sensitive Data

A sophisticated cyber campaign orchestrated by the Chinese Advanced Persistent Threat (APT) group, Silver Fox,…

12 hours ago