Deep Dive Into Sensitive Data Exposure!

Greetings everyone! Hope all is going well. In this blog we will discuss CWE-200: Exposure of Sensitive Information, and how this issue can critically impact our web applications, Android applications, and so on.


Sensitive data means anything whose disclosure harms the application or its users: user PII, user credentials, other user information, or web administrator data. This vulnerability is introduced when a web application is poorly configured or designed, whether in its backend or its frontend. It allows a bad actor to apply various techniques to reach that data, and confidentiality is lost: the bad actor is able to find sensitive data such as users' personal information, user credentials, database information, and hard-coded data belonging to the targeted web application.

Common issues, and information that may be exposed, due to a weak design or implementation:

1. Enumeration of valid usernames.

2. Account number or ID enumeration through inconsistent responses.

3. User enumeration via error messages.

4. phpinfo() revealing system configuration to web users.

5. Product immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.

6. Passwords exposed in a debug environment.

7. User data not properly stored, which a bad actor can easily manipulate.

8. FTP client with debug option enabled shows password to the screen.

9. Stored user credentials that can easily be accessed via directory busting.

10. Sensitive API keys exposed through the front end due to poor design.

11. Developer details exposed through a third-party repository.

12. User data accessible through IDOR due to weak design and implementation.
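As an added example (not code from the original post), here is a minimal login check in Python illustrating items 1, 3 and 5: the vulnerable version leaks whether a username exists through both its error message and its early return, while the hardened version returns one generic message and does the same hashing work for unknown and known users. The user store, salts and passwords are constructed sample data.

```python
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; the iteration count is kept modest for the demo.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample user store: username -> (salt, password hash). Not real data.
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}

# Dummy record verified when the username is unknown, so the hardened path
# performs the same amount of work whether or not the user exists (item 5).
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash("placeholder", _DUMMY_SALT)


def login_vulnerable(username: str, password: str) -> str:
    """Leaks account existence: distinct messages and an early return."""
    if username not in USERS:
        return "error: no such user"          # no hashing -> fast response
    salt, stored = USERS[username]
    if _hash(password, salt) != stored:       # slow path only for real users
        return "error: wrong password"
    return "ok"


def login_hardened(username: str, password: str) -> str:
    """Same message and same work for unknown and known usernames."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    # Always hash, and compare in constant time.
    valid = hmac.compare_digest(_hash(password, salt), stored)
    if username not in USERS or not valid:
        return "error: invalid username or password"
    return "ok"
```

The hardened version still reveals nothing if a guess happens to match the dummy record, because the username membership check is applied after the hash comparison rather than before it.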

These are the points to verify against when checking for sensitive data exposure, which can lead to data exposure, data theft, and data manipulation. Sensitive data exposure is a very critical security loophole for a web application.


Thanks for reading... See you in another blog!



Pallab Jyoti Borah

VAPT Analyst
