This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP Periodic Table of Vulnerabilities - Insufficient Data Protection

From OWASP
Revision as of 09:57, 20 May 2013 by Peter Mosmans (talk | contribs)

Jump to: navigation, search

Return to Periodic Table Working View

Insufficient Data Protection

Root Cause Summary

Sensitive data is not sufficiently protected against disclosure, modification or non-repudiation.

Browser / Standards Solution

Perimeter Solution

None

Generic Framework Solution

Provide a configuration-based suite of encryption utilities for all data security needs including HMAC, symmetric, password hash, and asymmetric encryption requirements.

Custom Framework Solution

None

Custom Code Solution

Identify which kinds of data need to be protected, for example Personally Identifiable Information (PII) or authentication and identification data.
Make sure that all applicable (eg. local, federal) laws are obeyed.
Never store more information than is needed.

Discussion / Controversy

Data protection laws vary from country to country. Ensure that the correct mitigations and protections have been taken. US data protection law


References

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (European Union)

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Periodic_Table_of_Vulnerabilities_-_Insufficient_Data_Protection&oldid=151895"