Lesson 07 - OWASP Top 10 2017 - A3:2017-Sensitive Data Exposure
AppSec Starter is a basic application security awareness training applied to onboarding new developers. It is not the purpose of this training to discuss advanced and practical topics. Conviso has customized training and practical training platforms.
Training recorded by Nicolas Schmaltz and copyright reserved to Conviso Application Security S/A.
Lesson 7 Contents:
Many web applications and APIs do not adequately protect sensitive data such as financial, health or personally identifiable data (PII). Attackers can steal or modify this poorly protected data to carry out credit card fraud, identity theft or other crimes. Sensitive data needs extra security protections like encryption when stored or in transit, such as special precautions when switched with the web browser.