Introduction:
Sensitive Data Exposure Vulnerability exists in a web application when it is poorly designed. It allow attacker to apply various security practices and find the sensitive data that is related to particular website. By Sensitive Data Exposure vulnerability, attackers may be able to find sensitive data such as session tokens, authentication credentials, databases etc. By such sensitive data an attacker will be able to exploit the web application and the security of website will be breached.

Is Web Application Vulnerable to Sensitive Data Exposure ?

As of now, we know the basic concept of Sensitive Data Exposure Vulnerability, but how to test our web application vulnerable to such type of vulnerability? In this article, we are going to discuss about the weak points that exist in a web application where vulnerability can be exploited by attackers.

1. Clear Text Transmission: If there is clear transmission of data in background in a web application then there might be a risk of data exposure to the attacker. Example – clear transmission of text may includes the credentials of user.
2. Cryptographic Algorithm: Old cryptographic algorithms that were used in old web apps might be a risk factor. There may be a chance that attackers could have bypass that algorithm and get access to sensitive data.
3. Cryptographic Keys: Cryptographic keys always play a vital role in a web applications. If Cryptographic keys are not properly rotated or old & weak keys are used then in that case web application will be at risk of exposure of data.
4. Encryption: Web application must enforce proper encryption techniques in order to prevent attacks and to safeguard the confidential information.

Attack Scenarios:
Following are some examples of the attack scenarios where an attacker may attack the web application in order to harm the data of the web application:

• Directory Busting: Directory busting or Directory Brute forcing is one of the main big vulnerability through which an attacker might be able to see the sensitive files that are being stored on a website server. There are several critical files that are stored on a web server in order to make smooth functioning of a website. While development and deployment of a web application, developer must keep this thing in mind to make these directories or files to be hidden or setting privacy to not accessible to public. Following are some most critical files that can be exploited by attackers if found publicly available on internet.
  • .git
  • .htaccess
  • .backup
  • /admin
  • .sql

  etc.

  The list contains thousands of such critical files which an attacker can test against a website using some kind of tool like Dir search, Dir buster or Burp Suite.

• GitHub: GitHub is a famous for version controlling and software development. Millions and billions of codes are being hosted on GitHub in order to collaborate and work on it. As we all know, GitHub has public as well as private repositories. Now just imagine a case where the developer has uploaded a SQL data of a website on a GitHub Repo and forgot to make it private. This SQL Data is now visible to public through which an attacker might take an advantage could exploit the database of that particular web application.

  For this, attackers have access to different tools although they can also do it manually by applying several filters. Automated tools include Git Grabber, Git hound, Git Rob, and many more.

  So its really important to make the Web application secure in order to hide the sensitive information from attackers so that they cant use it to compromise the users as well as company’s security.