
Category:Sensitive Data Protection Vulnerability

From OWASP

This category is for tagging vulnerabilities that lead to insecure protection of sensitive data. The protection referred to here covers both the confidentiality and the integrity of data throughout its whole lifecycle, including storage and transmission.

Please note that this category is intended to be distinct from access control problems, although both fail to protect data appropriately. Normally, the goal of access control is to grant data access to some users but not others. In this category, we are instead concerned with protection of sensitive data that is not intended to be revealed to or modified by any application user. Examples of this kind of sensitive data are cryptographic keys, passwords, security tokens, or any information that an application relies on for critical decisions.

Examples of this vulnerability can be:

  • Information leakage resulting from insufficient memory clean-up
  • Inappropriate protection of cryptographic keys (this should also be labeled with Category:Cryptography)
  • Clear-text passwords in configuration files (this should also be labeled with Category:Authentication if the passwords are used for authentication)
  • Lack of integrity protection for stored user data
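The last item is easy to illustrate: a record the application writes to disk or a cookie and later trusts for a critical decision can be silently modified unless it carries an integrity tag. The following is an added example, not code from the OWASP wiki, contrasting an unprotected stored record with one sealed by an HMAC-SHA256 tag. The key value, field names and helper names are constructed for the illustration; a real deployment would load the key from a secrets store rather than embedding it.

```python
import hashlib
import hmac
import json

# Constructed example key (32 bytes). In production this comes from a secrets store,
# never from source code or a clear-text configuration file.
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")


def canonical(record: dict) -> bytes:
    """Deterministic serialization, so the same record always yields the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


# --- Weak: stored data with no integrity protection -------------------------

def store_unprotected(record: dict) -> bytes:
    return canonical(record)


def load_unprotected(blob: bytes) -> dict:
    # Whatever is on disk is trusted as-is; any edit to the blob goes unnoticed.
    return json.loads(blob)


# --- Corrected: stored data sealed with an HMAC tag -------------------------

def seal_record(key: bytes, record: dict) -> bytes:
    """Serialize the record and append an HMAC-SHA256 tag (hex) separated by '.'."""
    body = canonical(record)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag  # hex tag never contains '.', so rpartition below is safe


def open_record(key: bytes, blob: bytes) -> dict:
    """Recompute the tag over the body and reject the record if it does not match."""
    body, sep, tag = blob.rpartition(b".")
    if not sep:
        raise ValueError("integrity check failed: missing tag")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    # Constant-time comparison avoids leaking the tag byte-by-byte through timing.
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: tag mismatch")
    return json.loads(body)


def demo() -> tuple:
    """Return (roundtrip_ok, tamper_detected, unprotected_tamper_unnoticed)."""
    record = {"user": "alice", "role": "user"}
    edit = (b'"role":"user"', b'"role":"admin"')  # constructed tampering of the stored bytes

    sealed = seal_record(KEY, record)
    roundtrip_ok = open_record(KEY, sealed) == record

    try:
        open_record(KEY, sealed.replace(*edit))
        tamper_detected = False
    except ValueError:
        tamper_detected = True

    plain = store_unprotected(record).replace(*edit)
    unprotected_tamper_unnoticed = load_unprotected(plain)["role"] == "admin"

    return roundtrip_ok, tamper_detected, unprotected_tamper_unnoticed


if __name__ == "__main__":
    print(demo())
```

Note that an HMAC tag provides integrity and authenticity only; if the stored fields are themselves confidential, the record also needs encryption, which is a separate concern under Category:Cryptography.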

Pages in category "Sensitive Data Protection Vulnerability"

The following 4 pages are in this category, out of 4 total.