
Hands-on Sensitive Data Exposure tutorial | sensitive personal data คือ

Hands-on Sensitive Data Exposure tutorial



Hello and welcome to this new episode of the OWASP Top 10 training series. Today, you will practice your knowledge of Sensitive Data Exposure using hands-on challenges. If you have no idea about this vulnerability, I invite you to read the blog post below, which explains Sensitive Data Exposure in detail.

Blog post for Sensitive Data Exposure: https://thehackerish.com/sensitivedataexposureexplainedowasptop10vulnerabilities/
Each month, ever more exabytes of data circulate around the globe. Its sensitivity ranges from cat videos and static landing pages to Personally Identifiable Information (PII) and national secrets.
But why is certain data considered sensitive while other data is not? This depends on many factors, as we will discuss shortly. The general idea is to measure the impact if the data became known to others. For example, an e-commerce website's database should be considered sensitive because it holds credit card records and the personal data of its customers. If the database is disclosed, every customer's identity and financial situation is at risk.
When critical data lands in unauthorized hands, we call it sensitive data exposure.
Data transmitted over a network is data in transit. For example, when you browse the web, you generate HTTP traffic that carries data between you and the target server. Because it is in motion, this type of data can be targeted in several ways:
Sniffing: when network traffic is not encrypted, anyone positioned on the path can capture it, for instance through a Man-in-the-Middle (MITM) attack. If you land on a website that asks for your credentials without using HTTPS, your credentials transit in cleartext.
Information disclosure: this happens when a server returns more information than it should. For example, JavaScript files can contain production API keys, passwords, etc. The server can also return a verbose error that discloses passwords of highly sensitive assets. I've found a vulnerability where a generated error contained the admin password of a critical marketing asset.
All data that doesn't transit on the network can be considered at rest. This includes archives, backup files, databases, etc. So how can this data be at risk if it doesn't move? It can be reached through a lack of authentication, poor access control on a repository, etc. Consider the incident where a publicly accessible MongoDB database stored the plaintext personal details of millions of records.
Since Sensitive Data Exposure is a broad category, we will explore some scenarios that help to understand when a weakness falls into it.
Attack scenario 1:
A web application allows users to search for available books by keyword. Unfortunately, a SQL injection in the keyword parameter allowed an attacker to dump the authors' table, which included PII in plaintext.
In this scenario there are two problems: the SQL injection and the plaintext data. The one that relates to Sensitive Data Exposure is the latter. Sensitive data should never be stored in plaintext: credentials should be stored as salted, slow password hashes, and other sensitive fields that must be read back should be encrypted with keys kept outside the database, so that a dumped table is not immediately usable by the attacker.
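What "never store it in plaintext" means for the credential column of the dumped table in scenario 1, as an added example that is not code from the original tutorial. It uses only the Python standard library (PBKDF2-HMAC-SHA256 with a per-record random salt and a constant-time comparison); the iteration count, the record format and the sample rows are this example's own assumptions, not anything the tutorial specifies.

```python
# Added example, not code from the original tutorial: salted, slow password
# hashing for the credential column of scenario 1's table.  Standard library only.
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

PBKDF2_ITERATIONS = 600_000   # assumption: OWASP's 2023 guidance for PBKDF2-HMAC-SHA256
SALT_BYTES = 16
ALGO = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: algo$iterations$salt_hex$hash_hex.

    Storing the parameters beside the hash lets the work factor be raised later
    without breaking verification of older records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored parameters and compare in constant time."""
    try:
        algo, iterations, salt_hex, hash_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        rounds = int(iterations)
    except ValueError:
        return False          # malformed record: never accept by accident
    if algo != ALGO or rounds <= 0:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(digest, expected)


# Constructed sample rows (not real data): two authors who happen to share a
# password, which is exactly what a plaintext or unsalted table gives away.
PLAINTEXT_TABLE: List[Tuple[str, str]] = [
    ("alice", "Winter2021!"),
    ("bob", "Winter2021!"),
]


def migrate_table(rows: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Replace every plaintext password with a salted PBKDF2 record."""
    return [(user, hash_password(pw)) for user, pw in rows]


if __name__ == "__main__":
    for user, record in migrate_table(PLAINTEXT_TABLE):
        print(user, record)
```

Because each record carries its own random salt, alice and bob end up with different hashes even though they chose the same password, so a dumped table no longer reveals shared or reused passwords. Hashing only fits secrets that need to be verified, never displayed; PII that must be read back (names, addresses, card numbers) needs encryption with keys held outside the database, which requires a library such as `cryptography` and is not shown here.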
Attack scenario 2:
A web application doesn't properly protect its log files, which allowed an unauthenticated attacker to read them. Some log entries contained login requests with credentials in the GET parameters. This led to massive credential theft, and multiple accounts were compromised.
In this scenario the sensitive data was transmitted in GET parameters, which is bad practice: query strings end up in server logs, proxy logs, browser history, bookmarks and Referer headers. Credentials belong in the body of a POST request sent over HTTPS. Unauthenticated access to the log files themselves is a separate problem, a Broken Access Control issue rather than Sensitive Data Exposure.
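The detection a defender would run after scenario 2, as an added example that is not code from the original tutorial: scan access logs for credentials sent as GET parameters, then redact their values so the logs can be kept. The log format (Apache/nginx "common" style), the list of sensitive parameter names and the sample lines are this example's assumptions.

```python
# Added example, not code from the original tutorial: find and redact credentials
# that were sent as GET parameters, as in scenario 2.
import re
from typing import Dict, List
from urllib.parse import parse_qsl, urlsplit

# Parameter names assumed to carry secrets; extend for your own application.
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "pass", "token", "api_key",
                    "apikey", "secret", "session"}

# Common log format: ip ident user [time] "METHOD target HTTP/x" status bytes
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# name=value for any sensitive name; the value runs until '&', whitespace or a quote
_SENSITIVE_RE = re.compile(
    r'(?i)\b(' + "|".join(map(re.escape, sorted(SENSITIVE_PARAMS))) + r')=[^&\s"]*'
)


def find_exposed_credentials(lines: List[str]) -> List[Dict[str, object]]:
    """One finding per request whose query string carries a sensitive parameter name."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue                                  # not a request line we understand
        url = urlsplit(m.group("target"))
        leaked = [name for name, _ in parse_qsl(url.query, keep_blank_values=True)
                  if name.lower() in SENSITIVE_PARAMS]
        if leaked:
            findings.append({"ip": m.group("ip"), "time": m.group("time"),
                             "method": m.group("method"), "path": url.path,
                             "params": leaked})
    return findings


def redact_line(line: str) -> str:
    """Blank the value of every sensitive parameter so the line can be retained."""
    return _SENSITIVE_RE.sub(lambda m: f"{m.group(1)}=[REDACTED]", line)


# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Nov/2021:10:01:02 +0000] "GET /login?username=alice&password=Winter2021! HTTP/1.1" 302 0',
    '10.0.0.7 - - [12/Nov/2021:10:01:09 +0000] "GET /search?q=owasp HTTP/1.1" 200 5120',
    '10.0.0.9 - - [12/Nov/2021:10:02:11 +0000] "POST /login HTTP/1.1" 302 0',
    '10.0.0.5 - - [12/Nov/2021:10:03:40 +0000] "GET /api/items?api_key=k3y-example&page=2 HTTP/1.1" 200 811',
]

if __name__ == "__main__":
    for finding in find_exposed_credentials(SAMPLE_LOG):
        print(finding)
    for line in SAMPLE_LOG:
        print(redact_line(line))
```

The POST login on the third line produces no finding because its body is never logged, which is the point of moving credentials out of the query string. Redaction at the log sink is a mitigation for data already written; the fix is to stop the application from accepting secrets in GET parameters at all.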
Attack scenario 3:
An internal hospital web application allows staff members to sign up, log in and upload healthcare data. The application uses plain HTTP. An attacker compromised the hospital's WiFi network and, because there was no network segregation, was able to listen to the HTTP traffic and capture the session cookie of the admin user. He then authenticated to the application with that cookie and modified the data of a target patient.
In this scenario, the problem related to Sensitive Data Exposure is that the application used an unencrypted protocol to carry sensitive data, both the healthcare records and the session cookie that protects them. Serving every page over TLS, not just the login form, is the fix; the missing network segregation is a separate weakness.
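A small response-header audit for the failure in scenario 3, as an added example that is not code from the original tutorial. HTTPS is the fix, but two headers decide whether a browser will ever send the session cookie in cleartext again: the cookie's Secure attribute and Strict-Transport-Security. The cookie name, header values and both sample responses are constructed for this example.

```python
# Added example, not code from the original tutorial: check whether a response
# still lets the session cookie travel over cleartext HTTP, as in scenario 3.
from typing import Dict, List, Tuple, Union

Attrs = Dict[str, Union[str, bool]]


def parse_header_block(raw: str) -> List[Tuple[str, str]]:
    """Split a raw response header block into (lower-cased name, value) pairs, keeping repeats."""
    headers = []
    for line in raw.splitlines():
        if not line.strip() or line.startswith("HTTP/"):
            continue                      # blank line or status line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers


def parse_set_cookie(value: str) -> Tuple[str, Attrs]:
    """Return the cookie name and its attributes; flag attributes map to True."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs: Attrs = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name, attrs


def audit_response(raw: str, scheme: str) -> List[str]:
    """Return findings that let a cookie reach the network in cleartext; empty means clean."""
    findings = []
    headers = parse_header_block(raw)
    if scheme.lower() != "https":
        findings.append("served over cleartext HTTP: the whole response, cookies included, can be sniffed")
    if not any(name == "strict-transport-security" for name, _ in headers):
        findings.append("no Strict-Transport-Security header: the browser may still follow http:// links to this host")
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            findings.append(f"cookie {cookie} lacks Secure: the browser will send it on http:// requests")
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie} lacks HttpOnly: readable by any script on the page")
    return findings


# Constructed responses: the hospital application as described, and a hardened version.
VULNERABLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/\r\n"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
)

if __name__ == "__main__":
    for finding in audit_response(VULNERABLE_RESPONSE, "http"):
        print("-", finding)
```

Note that browsers only honour Strict-Transport-Security when it arrives over HTTPS, so the hardened response is only clean when the scheme is https; the same headers served over http still yield one finding. The Secure attribute is what stops a captured-cookie replay like the one in the scenario from ever being possible on a cleartext link.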
Sensitive Data Exposure vulnerabilities focus on the data itself. In other words, given that an attacker has obtained access to your data or can sniff the traffic carrying it, what defence mechanism do you have to prevent him or her from exploiting it?
Exposing sensitive data to unauthorized parties has many serious implications. For example, if the data contains PII, a leak can be fined under the EU GDPR, with fines of up to 20 million euros or 4% of worldwide annual turnover, whichever is higher.


All about the Personal Data Protection Bill


On December 4, the Union Cabinet approved the introduction of the Personal Data Protection Bill in Parliament. The draft bill, the Personal Data Protection Bill, 2018, was prepared by a high-level expert committee headed by former Supreme Court judge B.N. Srikrishna. The Bill deals with broad guidelines on the collection, storage and processing of personal data, the consent of individuals, penalties and compensation, and a code of conduct. The draft Bill classifies 'sensitive personal data' as including passwords, financial data, health data, sex life, sexual orientation, biometric data, genetic data, transgender status, intersex status, caste or tribe, and religious or political belief or affiliation. The draft Bill says that such sensitive personal data can be processed only with the explicit consent of the person, and this consent needs to be informed, clear and specific, as defined by the Bill itself.
Also read: https://www.thehindu.com/opinion/editorial/unfulfilledpromiseonpersonaldataprotectionbill/article30323338.ece


The GDPR: Sensitive personal data, differences, examples and data protection.


What is sensitive data?
Examples of sensitive data
GDPR personal data definition
Personal vs sensitive data
Sensitive personal data examples
How does one identify and classify sensitive data?
What is sensitive data exposure?
How to protect sensitive data?
Read the detailed blog article here:
https://thecyphere.com/blog/sensitivedata/


Data brokers sell sensitive personal information online


Sensitive personal information about you and your family is bought and sold online by data brokers—addresses, children’s names and ages, even the details of your daily routines. Worse yet, this is all perfectly legal, and anybody can access it—no questions asked. ReputationDefender stops all this. We do the hard work of finding and removing your information from data brokers, protecting you and your family from prying eyes. Visit www.reputationdefender.com to learn how we can help.


BGMI 1.7 UPDATE NEW SENSITIVITY GUIDE | MOST USED SENSITIVITY | SEASON EXPERT SENSITIVITY GUIDE



So guys, in today's video I cover, for the BGMI / PUBG 1.7 update, the best sensitivity guide, all settings, low, medium and high sensitivity, the most used sensitivity settings and the season expert sensitivity settings in full.
Thank you!

If you want a sensitivity profile set up for your own device, or have any question, message me on Instagram: mukeshmodak
https://www.instagram.com/mukeshmodak20/?hl=en

CUSTOMIZED SENSITIVITY 7031766633673654424

SEASON EXPERT SENSITIVITY 7031766633673654425

MOST USED SENSITIVITY 7031766633673654426

BGMI / PUBG 1.7 UPDATE ALL NEW BASIC SETTINGS VIDEO https://youtu.be/DyQKug3XFI

BGMI 1.7 GAMEPLAY TIPS \u0026 TRICKS https://youtu.be/3xY4nYdgOEM

