Details
Alert ID 200006-1
Alert Type Tool
Status alpha
Risk Low
CWE 200
WASC
Technologies Targeted All
Tags CWE-200
OWASP_2021_A02
OWASP_2025_A04
TOOL_PTK

Summary

Sensitive data is any information that must be protected from unauthorized access. It may include personally identifiable information (PII) such as Social Security numbers, financial information, or login credentials. Sensitive data exposure occurs when an organization unknowingly exposes such data, or when a security incident leads to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, sensitive data.

Generated by OWASP PTK DAST Module

Solution

Treat credentials, personal data, tokens and financial information as sensitive and protect them throughout their lifecycle.
• Classify what data is sensitive and avoid storing it unless there is a clear business need.
• Encrypt sensitive data at rest and in transit using modern, well-configured algorithms and keys.
• Store passwords using strong, salted and adaptive hash functions such as Argon2, bcrypt or PBKDF2.
• Disable caching for responses that contain sensitive data and avoid exposing it in URLs, logs or client-side storage.
• Regularly review configuration and implementation against up-to-date OWASP guidance.
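The kind of passive check a DAST module runs for this alert, as an added example that is not OWASP PTK's own code: it scans a captured response body for PII and credential patterns (with a Luhn check so ordinary 16-digit numbers are not reported as card numbers) and flags the response if sensitive content is served without Cache-Control: no-store. The pattern list, function names and the sample response are constructed for illustration.

```javascript
// Added example (not OWASP PTK code): a minimal passive check of the kind a
// DAST module runs on a captured HTTP response, reporting sensitive data in
// the body and a missing "no-store" cache directive. Sample data is constructed.

// Luhn check so 16-digit values that are not card numbers are not flagged.
function luhnValid(digits) {
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = Number(digits[i]);
    if (double) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    double = !double;
  }
  return digits.length >= 13 && sum % 10 === 0;
}

// Constructed detection patterns (illustrative, not the module's real rule set).
const PATTERNS = [
  { name: 'us-ssn',      re: /\b\d{3}-\d{2}-\d{4}\b/g },
  { name: 'credit-card', re: /\b(?:\d[ -]?){13,19}\b/g,
    validate: (m) => luhnValid(m.replace(/[ -]/g, '')) },
  { name: 'credential',  re: /"(?:password|secret|api[_-]?key)"\s*:\s*"[^"]+"/gi },
];

// headers: object keyed by lowercase header name; body: response text.
// Returns a list of {name, evidence} findings, like an alert's evidence field.
function checkSensitiveDataExposure(headers, body) {
  const findings = [];
  for (const p of PATTERNS) {
    for (const m of body.match(p.re) || []) {
      if (!p.validate || p.validate(m)) findings.push({ name: p.name, evidence: m });
    }
  }
  // Sensitive content must not be cacheable by browsers or intermediaries.
  const cc = (headers['cache-control'] || '').toLowerCase();
  if (findings.length > 0 && !/\bno-store\b/.test(cc)) {
    findings.push({ name: 'cacheable-sensitive-response',
                    evidence: `Cache-Control: ${cc || '(absent)'}` });
  }
  return findings;
}

// Constructed sample response: 4111 1111 1111 1111 is a well-known test card
// number; "order" is a 16-digit value that fails Luhn and must not be flagged.
const sampleHeaders = { 'content-type': 'application/json', 'cache-control': 'public, max-age=3600' };
const sampleBody = '{"user":"jdoe","ssn":"123-45-6789","card":"4111 1111 1111 1111",' +
                   '"order":"1234567890123456","api_key":"abc123"}';
console.log(checkSensitiveDataExposure(sampleHeaders, sampleBody));
```

Running it reports the SSN, the card number, the api_key field and the cacheable-response finding; adding no-store to the header drops the last one.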

Other Info

References

Code

src/ptk/background/dast/modules/modules.json