Sensitive data exposure flaws enable attackers to access protected resources by bypassing authentication entirely. In this video, learn how to test for sensitive data exposure flaws.
- [Instructor] The third set of risks in the OWASP Top 10 list are sensitive data exposure flaws. If an attacker is targeting your web application, then chances are the attacker wants access to the data that you've hidden behind login screens and restricted to authorized users. If, however, you've left any gaps in your data access controls, the attacker could potentially steal that data without exploiting injection flaws or broken authentication controls. For example, if your application doesn't encrypt data while it's traveling from the end user's client system to the server, then the attacker could potentially use a man-in-the-middle attack to steal that data in transit. If you've got things like passwords or financial account numbers or health care data stored in plain text files on your servers, then an attacker who finds a way to navigate … Even if you've encrypted data at rest or data in motion, you should still consider the risk of an attacker gaining access to that unencrypted data.
- Security frameworks
- OWASP Top Ten
- Building Security In Maturity Model (BSIMM)
- Planning your testing projects
- Creating security policies
- Source code reviews
- Application threat modeling
- Offline testing for OWASP Top Ten vulnerabilities
Skill Level Intermediate
What you should know (1m 17s)
1. Leading Practices
2. Security Documentation
3. Source Code Security Reviews
4. Offline Testing for the OWASP Top Ten (2017)
Next steps (3m 18s)