This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Periodic Table of Vulnerabilities - Insufficient Data Protection"
m |
m |
||
| Line 22: | Line 22: | ||
=== Custom Code Solution === | === Custom Code Solution === | ||
| − | Identify which kinds of data need to be protected, for example Personally Identifiable Information (PII) or authentication and identification data. | + | Identify which kinds of data need to be protected, for example Personally Identifiable Information (PII) or authentication and identification data.<br> |
| + | Make sure that all applicable (eg. local, federal) laws are obeyed.<br> | ||
| + | Never store more information than is needed.<br> | ||
=== Discussion / Controversy === | === Discussion / Controversy === | ||
Revision as of 09:57, 20 May 2013
Return to Periodic Table Working View
Insufficient Data Protection
Root Cause Summary
Sensitive data is not sufficiently protected against disclosure, modification or non-repudiation.
Browser / Standards Solution
Perimeter Solution
None
Generic Framework Solution
Provide a configuration-based suite of encryption utilities for all data security needs including HMAC, symmetric, password hash, and asymmetric encryption requirements.
Custom Framework Solution
None
Custom Code Solution
Identify which kinds of data need to be protected, for example Personally Identifiable Information (PII) or authentication and identification data.
Make sure that all applicable (eg. local, federal) laws are obeyed.
Never store more information than is needed.
Discussion / Controversy
Data protection laws vary from country to country. Ensure that the correct mitigations and protections have been taken. US data protection law
