This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Top 10-2017-A3-Sensitive Data Exposure"
(Launch the new page for Top 10 2017-A6-Sensitive Data Exposure (RC1) with content of 2013-A6 as a reference to compare changes) |
m (Added some comments in Wiki source code of the SummaryTable Header (SummaryTableRowStyleTemplates)) |
||
Line 17: | Line 17: | ||
{{Top_10:SummaryTableTemplate|exploitability=3|prevalence=3|detectability=2|impact=1|year=2017|language=en}} | {{Top_10:SummaryTableTemplate|exploitability=3|prevalence=3|detectability=2|impact=1|year=2017|language=en}} | ||
{{Top_10_2010:SummaryTableHeaderEndTemplate|year=2017}} | {{Top_10_2010:SummaryTableHeaderEndTemplate|year=2017}} | ||
− | <td {{Template:Top 10 2010:SummaryTableRowStyleTemplate|year=2017}}>Consider who can gain access to your sensitive data and any backups of that data. This includes the data at rest, in transit, and even in your customers’ browsers. Include both external and internal threats. | + | <td {{Template:Top 10 2010:SummaryTableRowStyleTemplate|year=2017}}> |
+ | <!--- Threat Agents: --->Consider who can gain access to your sensitive data and any backups of that data. This includes the data at rest, in transit, and even in your customers’ browsers. Include both external and internal threats. | ||
</td> | </td> | ||
<td {{Template:Top 10 2010:SummaryTableRowStyleTemplate|year=2017}}> | <td {{Template:Top 10 2010:SummaryTableRowStyleTemplate|year=2017}}> | ||
− | Attackers typically don’t break crypto directly. They break something else, such as steal keys, do man-in-the-middle attacks, or steal clear text data off the server, while in transit, or from the user’s browser. | + | <!--- Attack Vectors --->Attackers typically don’t break crypto directly. They break something else, such as steal keys, do man-in-the-middle attacks, or steal clear text data off the server, while in transit, or from the user’s browser. |
</td> | </td> | ||
<td colspan=2 {{Template:Top 10 2010:SummaryTableRowStyleTemplate|year=2017}}> | <td colspan=2 {{Template:Top 10 2010:SummaryTableRowStyleTemplate|year=2017}}> | ||
− | The most common flaw is simply not encrypting sensitive data. When crypto is employed, weak key generation and management, and weak algorithm usage is common, particularly weak password hashing techniques. Browser weaknesses are very common and easy to detect, but hard to exploit on a large scale. External attackers have difficulty detecting server side flaws due to limited access and they are also usually hard to exploit. | + | <!--- Security Weakness --->The most common flaw is simply not encrypting sensitive data. When crypto is employed, weak key generation and management, and weak algorithm usage is common, particularly weak password hashing techniques. Browser weaknesses are very common and easy to detect, but hard to exploit on a large scale. External attackers have difficulty detecting server side flaws due to limited access and they are also usually hard to exploit. |
</td> | </td> | ||
<td {{Template:Top 10 2010:SummaryTableRowStyleTemplate|year=2017}}> | <td {{Template:Top 10 2010:SummaryTableRowStyleTemplate|year=2017}}> | ||
− | Failure frequently compromises all data that should have been protected. Typically, this information includes sensitive data such as health records, credentials, personal data, credit cards, etc. | + | <!--- Technical Impacts --->Failure frequently compromises all data that should have been protected. Typically, this information includes sensitive data such as health records, credentials, personal data, credit cards, etc. |
</td> | </td> | ||
<td {{Template:Top 10 2010:SummaryTableRowStyleTemplate|year=2017}}> | <td {{Template:Top 10 2010:SummaryTableRowStyleTemplate|year=2017}}> | ||
− | Consider the business value of the lost data and impact to your reputation. What is your legal liability if this data is exposed? Also consider the damage to your reputation. | + | <!--- Business Impacts --->Consider the business value of the lost data and impact to your reputation. What is your legal liability if this data is exposed? Also consider the damage to your reputation. |
</td> | </td> |
Revision as of 21:11, 22 April 2017
Threat Agents / Attack Vectors | Security Weakness | Impacts | |||
---|---|---|---|---|---|
App Specific | Exploitability DIFFICULT |
Prevalence UNCOMMON |
Detectability AVERAGE |
Impact SEVERE |
Business ? |
Consider who can gain access to your sensitive data and any backups of that data. This includes the data at rest, in transit, and even in your customers’ browsers. Include both external and internal threats. |
Attackers typically don’t break crypto directly. They break something else, such as steal keys, do man-in-the-middle attacks, or steal clear text data off the server, while in transit, or from the user’s browser. |
The most common flaw is simply not encrypting sensitive data. When crypto is employed, weak key generation and management, and weak algorithm usage is common, particularly weak password hashing techniques. Browser weaknesses are very common and easy to detect, but hard to exploit on a large scale. External attackers have difficulty detecting server side flaws due to limited access and they are also usually hard to exploit. |
Failure frequently compromises all data that should have been protected. Typically, this information includes sensitive data such as health records, credentials, personal data, credit cards, etc. |
Consider the business value of the lost data and impact to your reputation. What is your legal liability if this data is exposed? Also consider the damage to your reputation. |
Am I Vulnerable To 'Security Misconfiguration'?
The first thing you have to determine is which data is sensitive enough to require extra protection. For example, passwords, credit card numbers, health records, and personal information should be protected. For all such data:
And more … For a more complete set of problems to avoid, see ASVS areas Crypto (V7), Data Prot. (V9), and SSL (V10). |
How Do I Prevent 'Security Misconfiguration'?
The full perils of unsafe cryptography, SSL usage, and data protection are well beyond the scope of the Top 10. That said, for all sensitive data, do all of the following, at a minimum:
|
Example Attack Scenarios
Scenario #1: An application encrypts credit card numbers in a database using automatic database encryption. However, this means it also decrypts this data automatically when retrieved, allowing an SQL injection flaw to retrieve credit card numbers in clear text. The system should have encrypted the credit card numbers using a public key, and only allowed back-end applications to decrypt them with the private key. Scenario #2: A site simply doesn’t use SSL for all authenticated pages. Attacker simply monitors network traffic (like an open wireless network), and steals the user’s session cookie. Attacker then replays this cookie and hijacks the user’s session, accessing the user’s private data. Scenario #3: The password database uses unsalted hashes to store everyone’s passwords. A file upload flaw allows an attacker to retrieve the password file. All of the unsalted hashes can be exposed with a rainbow table of precalculated hashes. |
References
OWASP
External
|