// Security - Sensitive Data Exposure: Example of attack scenarios: 1. An application encrypts credit card numbers in a database using automatic database encryption. However, this means it also decrypts this data automatically when retrieved, allowing an SQL injection flaw to retrieve credit card numbers in clear text. The system should have encrypted the credit card numbers using a public key, and only allowed back-end applications to decrypt them with the private key. 2. A site simply doesn’t use SSL for all authenticated pages. Attacker simply monitors network traffic (like an open wireless network), and steals the user’s session cookie. Attacker then replays this cookie and hijacks the user’s session, accessing the user’s private data. 3. The password database uses unsalted hashes to store everyone’s passwords. A file upload flaw allows an attacker to retrieve the password file. All of the unsalted hashes can be exposed with a rainbow table of precalculated hashes. To Prevent 'Sensitive Data Exposure': 1. Consider using encryption both at rest and in transit (https) 2. Don’t store sensitive data unnecessarily. Discard it as soon as possible. Data you don’t have can’t be stolen. 3. Ensure strong standard algorithms and strong keys are used, and proper key management is in place. Consider using FIPS 140 validated cryptographic modules: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm 4. Ensure passwords are stored with an algorithm specifically designed for password protection, such as bcrypt, PBKDF2, or scrypt: http://en.wikipedia.org/wiki/Bcrypt http://en.wikipedia.org/wiki/PBKDF2 http://en.wikipedia.org/wiki/Scrypt 5. Disable autocomplete on forms collecting sensitive data and disable caching for pages that contain sensitive data.