The following mitigation techniques help protect applications against Sensitive Data Exposure:
- Prepare a threat model that covers data both in transit and at rest, against both kinds of attacker (e.g. an insider and an external user).
- Encrypt sensitive data so that it remains unreadable to an attacker who intercepts or steals it.
- Never store sensitive data unnecessarily. Discard it as soon as possible. Data you don’t have can’t be stolen.
- Disable autocomplete on forms collecting sensitive data and disable caching for pages that contain sensitive data.
- Always use strong, standard algorithms and strong keys, and make sure proper key management is in place. Consider using FIPS 140 validated cryptographic modules.
- Ensure passwords are stored with an algorithm specifically designed for password protection, such as bcrypt, PBKDF2, or scrypt.