Skip to main content

Red Securium

Red Securium Company Provide Web Services | Web Development | Software Development | Digital Marketing Service | Video Marketing Service | Video Logo Service & SEO Service. www.redsecurium.org Contact Us - +91 120 429 1672

Search This Blog

December 27, 2018

A6-Sensitive Data Exposure

Sensitive Data Exposure is difficult to exploit wheres prevalence and detect-ability is less common, but the impact is severe. Clearly if some sensitive data is leaked it will cause a severe fall out.

Here we have a user login’s into a website over HTTP which has no encryption, in this case attacker can get into the network and sniff the traffic which is also called as Man in the middle attack(MITM). Then attacker can clearly gain access to any of the data going over the connection.So they can easily retrieve user’s password, also the attacker can manipulate data sent over http.

Understanding Sensitive data Exposure

Insufficient use of SSL (Login page with http,Mixed mode,Cookies not sent securely).

Bad cryptography (Incorrect password usage,Weak algorithm,Poor protection of keys).

Some other risks (Browser auto-complete,Disclosure via URL,Leaked logs).

Common Defences

Minimize sensitive data collection(Reduce the window for storage).

Apply HTTPS everywhere (Login pages and everything should be https).

Use Cryptostorage for passwords (Use hash algorithms designed for password,Secure key Management).

Get link
Facebook
X
Pinterest
Email
Other Apps

Get link
Facebook
X
Pinterest
Email
Other Apps

Comments

Post a Comment

About Me

RedSecurium

Archive

May 20193
April 20192
February 201922
January 201980
December 201859
November 201819

Labels

-Abdul-Aziz Hariri and Sebastian Apelt
-chain attack.
: Settlement Deal
: Un-patched RDP Clients
'Downthem' and 'Ampnode.' 200
"
"Booter" or "Stresser
"MsiAdvertiseProduct"
"systemd-journald"
(@_0rbit)

Show more Show less

Report Abuse

Powered by Blogger