How applications are vulnerable to data exposure



Data exposure can be linked to how a company handles certain information. Sometimes, sensitive data can be found stored in plain text documents.

If websites don't use SSL/TLS and don't serve the web pages that store information over HTTPS, data may be at risk of being exposed.

Data can also be exposed by storing it in a database that may be compromised by SQL injection or other types of attacks, by using weak cryptographic algorithms or keys, by not hashing and salting passwords (which is a form of cryptography similar to encryption), and by other insecure data storage. SQL injection is a code injection technique that allows an attacker to interfere with the queries that an application makes to its database. It can be used to steal information from a database via the backend.

Passwords can be exposed when hashed passwords are stored without a salt, meaning they were not fully protected via cryptography, which makes the passwords easy to recover. Hashing and salting refer to how the password is stored on the server: the password (salted or not) is converted into a type of word puzzle that the server knows how to check. If a website's hashing isn't strong, then passwords can easily be read during a data exposure.
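The difference between unsalted and salted password storage, as an added example that is not part of the original post. The account names, passwords, record format and the PBKDF2 iteration count are assumptions chosen for illustration; the sample data is constructed.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune for your hardware


def unsalted_hash(password: str) -> str:
    """Weak scheme described above: one fast hash, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """Salted, slow hash. Returns 'iterations$salt_hex$digest_hex' for storage."""
    salt = secrets.token_bytes(16)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        iterations, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, int(iterations))
    except ValueError:
        return False  # malformed record: fail closed
    return hmac.compare_digest(candidate, expected)


def duplicate_hashes(records: dict) -> list:
    """Group users whose stored hashes are identical (a sign of missing salt)."""
    by_hash = {}
    for user, stored in records.items():
        by_hash.setdefault(stored, set()).add(user)
    return [users for users in by_hash.values() if len(users) > 1]


if __name__ == "__main__":
    # Constructed sample accounts: two users chose the same password.
    sample = {"alice": "Spring2024!", "bob": "Spring2024!", "carol": "x9$Lm2#q"}
    weak = {u: unsalted_hash(p) for u, p in sample.items()}
    strong = {u: hash_password(p) for u, p in sample.items()}
    print("unsalted duplicates:", duplicate_hashes(weak))
    print("salted duplicates:  ", duplicate_hashes(strong))
    print("verify ok:", verify_password("Spring2024!", strong["alice"]))
```

Running `duplicate_hashes` over an existing credential table is a quick audit: any group of users sharing one stored value means the scheme has no per-user salt.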

That's all you want to know about sensitive data exposure. I will continue with the next vulnerability soon; till then, stay tuned.
