Sensitive Data Exposure

 





Passwords are hashed using Argon2 before storing them in the database. This is a hard memory password hashing function that not only makes it computationally expensive, but also uses a lot of memory. This means that it is much more difficult to attack Argon2 hashes using graphics processors or special equipment



Confidential information should not be stored in plain text, which is not a secure way to store confidential data. An attacker gaining access to the database can easily obtain sensitive information.

It is recommended to use community-approved and strong encryption algorithms for storing sensitive data. In this case, the AES encryption algorithm with GCM mode and a key length of 256 bits is used. Such encryption will help to avoid data leakage if an attacker gains access to the storage.





This happens when there is no SSL certificate in place and as a result sensitive data such as passwords are sent in plain text.  This is under risk of being captured by an eavesdropping attacker.

Using an insecure protocol to transport login credentials would allow an attacker to gain access to this information and impersonate the legitimate user.
It’s recommended to use secure protocols to transport user credentials. Using HTTPS to transport user data over the network prevents sensitive information from being exploited by a sniffing attack. Also, using the POST request method is a better approach for submitting login credentials since it sends data inside the request body instead of exposing it in the URL.







Comments

Post a Comment

Popular posts from this blog

Microservices and Service-Oriented Architecture

  Microservices Architecture and Service-Oriented Architecture (SOA) , along with their similarities, differences, and typical use cases. Microservices Architecture Microservices is an architectural style where applications are composed of small, independent services that communicate over a network. Each service is typically designed around a specific business function and operates as an isolated, self-contained unit. Here are some key characteristics: Independently Deployable : Each service can be developed, deployed, and scaled independently of others. Single Responsibility : Services are organized around business capabilities, such as “Order Processing” or “User Authentication.” Resilience : Each microservice operates independently, making the system more resilient since failures in one service do not necessarily impact others. Polyglot Persistence and Programming : Microservices allow for diverse technologies, frameworks, and databases across services, optimizing each service...
Read more

Version control and Continuous Integration/Continuous Deployment (CI/CD)

 Version control and Continuous Integration/Continuous Deployment (CI/CD) are fundamental practices in modern software development that enhance collaboration, maintainability, and quality of software projects. Below, we’ll explore each concept, including their principles, benefits, and key practices. Version Control Version Control is a system that records changes to files or sets of files over time, allowing developers to track and manage changes to their codebase. It facilitates collaboration among team members and provides a history of changes, making it easier to revert to previous versions if needed. Key Principles of Version Control Track Changes : Every change made to the codebase is recorded, allowing developers to see who made changes, what changes were made, and when. Branching and Merging : Developers can create branches to work on features or fixes in isolation without affecting the main codebase (usually referred to as the main or master branch). Once the work is co...
Read more

Delegates

 In C#, delegates are types that represent references to methods. They can be used to define callback methods, event handlers, and can also be used in functional programming patterns. Below is a list of commonly used delegates in C#, including built-in delegates and custom delegates. Built-in Delegates Action : Represents a delegate that can point to a method that does not return a value. It can take up to 16 parameters. Examples : Action (no parameters) Action<T> (one parameter) Action<T1, T2> (two parameters) Action<T1, T2, T3> (three parameters) ... Action<T1, T2, ..., T16> (up to 16 parameters) csharp Copy code // Example Action< string > print = message => Console.WriteLine(message); Func : Represents a delegate that can point to a method that returns a value. It can also take up to 16 parameters. Examples : Func<TResult> (no parameters) Func<T1, TResult> (one parameter) Func<T1, T2, TResult> (two parameters) Func<...
Read more