OWASP Top Ten: Cryptographic Failures

Alex Archondakis

Managing Consultant

Cryptographic failures are a major class of web application security problem: they lead to data breaches, identity theft, fraud and other serious harm. The Open Web Application Security Project (OWASP) lists Cryptographic Failures as A02 in its 2021 Top Ten (in the 2017 edition the same entry was called Sensitive Data Exposure, a name that described the symptom rather than the cause). These failures can be divided broadly into three categories: cryptographic design flaws (the wrong primitive, mode or protocol is chosen), cryptographic implementation errors (the right primitive is used incorrectly) and cryptographic key management failures (keys that are weak, default, hard-coded or reused after compromise).

What is Cryptographic Failure?

A cryptographic failure is any case where sensitive data, such as passwords, credit card numbers and personal information, is not properly protected by cryptography: it is transmitted or stored without encryption, or with encryption that is weak, misused or badly keyed. Attackers target exactly this data, which is why OWASP now treats the cryptographic failure as the root cause and sensitive data exposure as its symptom.

What are some Common Examples?

  • Sensitive data is transmitted in cleartext (over HTTP, FTP, SMTP, etc.) or stored in cleartext (in a database, files, logs, backups, etc.).
  • Use of old or weak cryptographic algorithms or modes (for example unsalted MD5 or SHA-1 for password storage, or DES for encryption).
  • Use of weak or default encryption keys, hard-coded keys, or re-use of keys that have already been compromised.

How Can Cryptographic Failure be Exploited?

These flaws are not exploited through one special technique; they arise from what the application does (or fails to do) with its data, and the attacker simply collects whatever is left unprotected. A flaw occurs when you:

  • Store or transmit data in cleartext (the most common case), so anyone on the network path or with read access to the database or its backups can read it.
  • Protect data with an old or weak algorithm, mode or key length, so the protection can be broken offline once the ciphertext is obtained.
  • Improperly filter or mask sensitive data in transit, so card numbers and similar values leak into logs, error messages, responses or third-party systems even though the primary store is encrypted.

What are the Top Tips for Preventing This?

  • Classify data processed, stored, or transmitted by an application.
  • Don’t store sensitive data unnecessarily.
  • Make sure to encrypt all sensitive data at rest.
  • Ensure up-to-date and strong standard algorithms, protocols and keys are in place, and use proper key management: keys generated from a cryptographically secure random source, never hard-coded or default, kept separate from the data they protect, and rotated when compromised.
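As an added example (not code from the original article or from Pentest People), the following Python shows the difference between the weak password storage the article warns about and a hardened version built only from the standard library: an unsalted MD5 digest versus PBKDF2-HMAC-SHA256 with a random per-password salt, a high iteration count and a constant-time comparison. The 600,000 iteration count is the figure the OWASP Password Storage Cheat Sheet gives for PBKDF2-HMAC-SHA256 at the time of writing; the stored-record format `pbkdf2_sha256$iterations$salt$hash`, the `needs_rehash` upgrade check and the sample password are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Iteration count the OWASP Password Storage Cheat Sheet recommends for
# PBKDF2-HMAC-SHA256 at the time of writing; raise it as hardware improves.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def weak_hash(password: str) -> str:
    """The failure: unsalted MD5. Fast to brute-force, identical for identical
    passwords, and covered by precomputed (rainbow) tables."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Hardened: PBKDF2-HMAC-SHA256 with a random per-password salt and a high
    iteration count. The record format 'pbkdf2_sha256$iter$salt$hash' is an
    assumption of this example; any self-describing format works."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)   # CSPRNG, never a fixed or default value
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the derivation from the stored parameters and compare in constant time."""
    try:
        scheme, iterations, salt_hex, dk_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
        iterations = int(iterations)
    except ValueError:
        return False                            # malformed record: refuse, do not crash
    if scheme != "pbkdf2_sha256":
        return False                            # unknown or legacy scheme: never accept it
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations,
                             dklen=len(expected))
    return hmac.compare_digest(dk, expected)    # timing-safe comparison


def needs_rehash(stored: str, min_iterations: int = PBKDF2_ITERATIONS) -> bool:
    """True when a record uses an older or weaker parameter set and should be
    rewritten on the user's next successful login."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256" or not parts[1].isdigit():
        return True
    return int(parts[1]) < min_iterations


if __name__ == "__main__":
    pw = "hunter2"   # constructed sample password
    print("weak  :", weak_hash(pw), weak_hash(pw))      # identical every time
    rec = hash_password(pw)
    print("strong:", rec)
    print("verify:", verify_password(pw, rec), verify_password("hunter3", rec))
```

Two properties matter here beyond the algorithm choice: every record carries its own parameters, so the iteration count can be raised later and old records detected with `needs_rehash`; and the comparison goes through `hmac.compare_digest`, so a wrong guess does not take measurably less time than a right one. Where a dedicated library such as argon2-cffi or bcrypt is available, prefer it; the standard-library PBKDF2 shown here is the fallback that is always present.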

Here at Pentest People, we continuously work to mitigate cyber security risks and threats by identifying the vulnerabilities in your system's defences before a real attacker can exploit them. We offer Web Application Testing to keep your business safe and secure.
