Which of the following threat types can occur when encryption is not properly applied or insecure transport mechanisms are used?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
Sensitive data exposure occurs when information is not properly secured through encryption and secure transport mechanisms; it can quickly become an easy and broad method for attackers to compromise information.
Web applications must enforce strong encryption and security controls on the application side, but secure methods of communications with browsers or other clients used to access the information are also required.
Security misconfiguration occurs when applications and systems are not properly configured for security, often a result of misapplied or inadequate baselines.
Insecure direct object references occur when code references aspects of the infrastructure, especially internal or private systems, and an attacker can use that knowledge to glean more information about the infrastructure.
Unvalidated redirects and forwards occur when an application has functions to forward users to other sites, and these functions are not properly secured to validate the data and redirect requests, thus allowing spoofing for malware or phishing attacks.
The correct answer is C. Sensitive data exposure.
When encryption is not properly applied or insecure transport mechanisms are used, it can result in sensitive data being exposed to unauthorized parties. Sensitive data exposure occurs when confidential or sensitive information is unintentionally or maliciously disclosed to unauthorized users, potentially leading to identity theft, financial fraud, and other security breaches.
Encryption is a method of encoding information so that it can only be read by authorized parties who possess the decryption key. If encryption is not applied or is not applied properly, sensitive data can be easily intercepted and read by unauthorized parties.
Insecure transport mechanisms refer to the methods used to transmit data over a network. For example, if data is transmitted over an unsecured Wi-Fi network, it can be easily intercepted by malicious actors who can then read the data.
Security misconfiguration, insecure direct object references, and unvalidated redirects and forwards are all different types of security vulnerabilities that can occur in web applications. However, they do not directly relate to the improper use of encryption or insecure transport mechanisms.