We work hard to make it tough for attackers to break into your network, but what happens when they do? In the OWASP Top 10, #3 (Sensitive Data Exposure) deals with preventing sensitive data from being exposed in the event of a successful attack. This in turn can help prevent further attacks.
One of the reasons that California’s CCPA (in effect 2020) and the EU’s General Data Protection Regulation (GDPR) exist is that businesses have improperly handled sensitive personal data.
How can we make sure that even if they get through your defenses, hackers cannot easily steal sensitive data from your applications?
Let’s talk about best practices for securely handling and protecting sensitive data:
- Encrypt sensitive data at rest.
- Know what sensitive data you hold and where it lives, whether on your network, on individual computers, or in the cloud.
- Remove any sensitive data that is no longer needed. Scale down: keep only what your business needs.
- When data is in transit, ensure that web traffic is encrypted and transmitted over HTTPS using a valid TLS (SSL) certificate, and that insecure connections are upgraded where possible (HSTS).
- Encrypt and sign any browser cookies that contain sensitive information.
- Hash passwords using a slow, salted password-hashing algorithm such as bcrypt or PBKDF2, never a plain fast hash like MD5 or SHA-1.
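To make the password-hashing item concrete, here is an added example (not code from the original post) using PBKDF2-HMAC-SHA256 from Python's standard library; bcrypt would need a third-party package. The `algorithm$iterations$salt$digest` storage format is an assumption chosen so the iteration count can be raised later without invalidating existing records.

```python
import base64
import hashlib
import hmac
import os

# Assumed settings: 600,000 iterations matches OWASP's current guidance for
# PBKDF2-HMAC-SHA256; a 16-byte random salt defeats precomputed tables.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest."""
    salt = os.urandom(SALT_BYTES)  # fresh salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_b64, digest_b64 = stored.split("$")
    except ValueError:  # malformed record: treat as a failed login, never crash
        return False
    if algorithm != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    # compare_digest avoids leaking how many bytes matched through timing
    return hmac.compare_digest(actual, expected)


def needs_rehash(stored: str) -> bool:
    """True when a record was hashed with fewer iterations than today's setting.

    Call this after a successful login and re-hash with the user's plaintext
    password, which is the only moment it is available, to upgrade old records.
    """
    return int(stored.split("$")[1]) < PBKDF2_ITERATIONS
```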
And remember to plan ahead: create an incident response plan before you need it.