OWASP Vulnerability #6 – Sensitive Data Exposure

Payments System Hacking. Online Credit Cards Payment Security Concept. Hacker in Black Gloves Hacking the System.

Number 6 on the OWASP Top 10 List is Sensitive Data Exposure.  This vulnerability occurs when data that should not be seen, such as credit card numbers, tax ID numbers, passwords, and social security numbers becomes exposed.  At Clearent, we pay close attention to this issue and work hard to ensure that our data is protected within our payments platform.

Intuitively, developers understand that data elements like credit card numbers and tax ID numbers need to be protected.  What they don’t always know, however, is how to protect that data.  It’s fairly obvious to realize the need to encrypt sensitive data or store it on encrypted hard disks.  What isn’t so obvious is the need for precautions for the mechanisms that transfer the sensitive data. And because many people don’t realize the need for this, it makes it possible to get their data by monitoring network traffic.  To this point, many of the recent payment breaches were accomplished by monitoring unencrypted network traffic inside a system. Read more