Sensitive Data Exposure

Explore how to protect sensitive information in distributed systems by understanding common exposure risks and implementing security measures like encryption, secure protocols, and access controls. Learn to identify potential cracks attackers exploit and apply best practices to minimize data breaches and unauthorized access.

Cracks in the shell

Valuable information that people can steal or use against us includes credit cards, medical records, insurance files, purchasing data, and emails. This is the stuff that makes for headlines and subpoenas. That’s what OWASP means by “sensitive data.” The “exposure” part is probably obvious. Exposure doesn’t mean that a hacker broke our crypto. Hackers don’t attack our strong points; they look for cracks in our shell. It can be as simple as an employee’s stolen laptop with a database extract in a spreadsheet. Maybe our system uses TLS at the edge but REST over plain HTTP internally, another “pie crust” (hard on the outside, soft everywhere else). An attacker who reaches that internal network can sniff it to collect credentials and payload data.

Here are some guidelines to help you avoid headlines:

  • Don’t store sensitive information that you don’t need. In retail, use a credit card tokenizer from your payment provider.

  • Use HTTP Strict Transport Security. This is a step beyond HTTPS-first. It prevents clients from negotiating their way to insecure protocols.

  • Stop using SHA-1. Just stop. It’s no longer adequate.

  • Never store passwords in plain text. Read OWASP’s Password Storage Cheat Sheet for guidance on hash algorithms and good salting ...
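The HSTS guideline above is only as good as the header you actually send: per RFC 6797 browsers ignore `Strict-Transport-Security` received over plain HTTP, and a missing or tiny `max-age` leaves clients free to fall back to HTTP. The following added example (not code from the original text or from OWASP) parses the header and audits a few constructed sample responses; the one-year minimum `max-age` and the sample header values are assumptions chosen for the check, not values from the page.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed policy floor for this check: one year in seconds.
ONE_YEAR = 31_536_000


@dataclass
class HstsPolicy:
    max_age: int
    include_subdomains: bool
    preload: bool


def parse_hsts(header_value: str) -> Optional[HstsPolicy]:
    """Parse an HSTS header value. Returns None when max-age is missing or
    non-numeric, because browsers discard such a header entirely."""
    max_age = None
    include_subdomains = False
    preload = False
    for directive in header_value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name == "max-age":
            if not value.isdigit():
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    if max_age is None:
        return None
    return HstsPolicy(max_age, include_subdomains, preload)


def hsts_findings(headers: Dict[str, str], minimum_age: int = ONE_YEAR) -> List[str]:
    """Return a list of weaknesses in the HSTS policy of one HTTPS response.
    An empty list means the policy meets the assumed floor."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["no Strict-Transport-Security header: clients may be downgraded to plain HTTP"]
    policy = parse_hsts(value)
    if policy is None:
        return ["malformed HSTS header (missing or invalid max-age): browsers ignore it"]
    findings: List[str] = []
    if policy.max_age == 0:
        findings.append("max-age=0 disables HSTS for this host")
    elif policy.max_age < minimum_age:
        findings.append(f"max-age={policy.max_age} is below the assumed minimum of {minimum_age}")
    if not policy.include_subdomains:
        findings.append("includeSubDomains missing: subdomains can still be reached over HTTP")
    return findings


# Constructed sample response headers (not captured from any real system).
SAMPLE_RESPONSES: Dict[str, Dict[str, str]] = {
    "edge-good": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"},
    "edge-short": {"Strict-Transport-Security": "max-age=300"},
    "internal-plain": {},  # an internal service that speaks HTTP only, like the "pie crust" above
    "malformed": {"strict-transport-security": "includeSubDomains"},
}


def audit(responses: Dict[str, Dict[str, str]]) -> Dict[str, List[str]]:
    """Run hsts_findings over every sample and keep only the ones with findings."""
    return {name: hsts_findings(h) for name, h in responses.items() if hsts_findings(h)}


if __name__ == "__main__":
    for name, problems in audit(SAMPLE_RESPONSES).items():
        print(name)
        for p in problems:
            print("  -", p)
```

Run the audit against headers fetched from your own endpoints over HTTPS; a response that only redirects HTTP to HTTPS without sending the header on the HTTPS side still fails the first check.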