3. Sensitive Data Exposure (OWASP Top 10)

* The first step is to determine the protection needs of data in transit and at rest. For example, passwords, credit card numbers, health records, personal information and business secrets require extra protection, particularly if that data falls under privacy laws. Questions to ask include:

* Is any data transmitted in clear text? This concerns protocols such as HTTP, SMTP and FTP; external internet traffic is especially dangerous.

* Are any old or weak cryptographic algorithms used, either by default or in older code?

* Are default crypto keys in use, are weak crypto keys generated or re-used, or is proper key management or rotation missing?

* Is encryption not enforced, e.g. are any user agent (browser) security directives or headers missing?
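The checklist above can be turned into a repeatable audit. The script below is an added example, not OWASP's own tooling or code from this page: it runs each question over a hand-built, clearly labelled snapshot of an application's configuration (its endpoint URLs, the response headers it sends, and its crypto settings) without touching any network, and it pairs the "weak algorithm" finding with the fix a defender would apply to stored passwords (a salted, iterated PBKDF2 hash in place of a bare MD5 or SHA-1 digest). All hostnames, key names and key values in the snapshot are constructed placeholders.

```python
"""Checklist audit for the sensitive-data-exposure questions above (added example)."""
import hashlib
import hmac
import os
from urllib.parse import urlparse

# Schemes that carry data in clear text; their TLS-wrapped counterparts (https, ftps, smtps) pass.
CLEARTEXT_SCHEMES = {"http", "ftp", "smtp", "telnet"}

# Algorithm name fragments that should not appear in new code or default configuration.
WEAK_ALGORITHMS = {"md5", "sha1", "sha-1", "des", "rc4", "ecb"}

# Values that indicate a default, placeholder or unmanaged key.
DEFAULT_KEY_MARKERS = {"changeme", "default", "secret", "password", ""}

# Constructed snapshot of one application's configuration; every value here is made up.
SAMPLE = {
    "urls": [
        "https://api.example.test/login",
        "http://legacy.example.test/export",   # clear-text HTTP
        "ftp://backup.example.test/",          # clear-text FTP
        "smtps://mail.example.test/",
    ],
    "headers": {
        "Content-Type": "text/html",
        "Set-Cookie": ["session=abc; HttpOnly; Path=/", "lang=en; Secure"],
    },
    "crypto": {
        "algorithms": ["AES-256-GCM", "MD5", "DES-CBC"],
        "keys": {"jwt_signing": "changeme", "db_encryption": "Kq9vL2mXp8wRt4zN"},
        "key_rotation_days": 0,
    },
}


def audit_transport(urls):
    """Return the URLs whose scheme transmits data in clear text."""
    return [u for u in urls if urlparse(u).scheme.lower() in CLEARTEXT_SCHEMES]


def audit_headers(headers):
    """Return browser security directives that are missing, so encryption is not enforced."""
    names = {k.lower(): v for k, v in headers.items()}
    findings = []
    if "strict-transport-security" not in names:
        findings.append("missing Strict-Transport-Security header")
    cookies = names.get("set-cookie", [])
    if isinstance(cookies, str):
        cookies = [cookies]
    for cookie in cookies:
        attributes = {part.strip().lower() for part in cookie.split(";")}
        if "secure" not in attributes:
            findings.append(f"cookie without Secure flag: {cookie.split('=')[0]}")
    return findings


def audit_crypto(config):
    """Flag weak algorithms, default or short keys, and a missing rotation schedule."""
    findings = []
    for alg in config.get("algorithms", []):
        if any(weak in alg.lower() for weak in WEAK_ALGORITHMS):
            findings.append(f"weak algorithm: {alg}")
    for name, key in config.get("keys", {}).items():   # keys given as raw strings
        if key.strip().lower() in DEFAULT_KEY_MARKERS:
            findings.append(f"default or empty key: {name}")
        elif len(key.encode()) < 16:
            findings.append(f"short key (<128 bits): {name}")
    if not config.get("key_rotation_days"):
        findings.append("no key rotation schedule")
    return findings


def run_audit(snapshot):
    """Run all three checks over one configuration snapshot."""
    return {
        "transport": audit_transport(snapshot["urls"]),
        "headers": audit_headers(snapshot["headers"]),
        "crypto": audit_crypto(snapshot["crypto"]),
    }


def hash_password(password, iterations=100_000):
    """Store a password as salted, iterated PBKDF2-HMAC-SHA256 (raise iterations for production)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    _, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    for check, findings in run_audit(SAMPLE).items():
        print(check, findings)
    stored = hash_password("hunter2")
    print("password verifies:", verify_password("hunter2", stored))
```

On the constructed snapshot the audit reports the two clear-text endpoints, the missing HSTS header and the session cookie without `Secure`, the MD5 and DES entries, the placeholder signing key and the absent rotation schedule. The substring match in `audit_crypto` is deliberately coarse (it flags any name containing `des` or `ecb`), which suits a first pass over configuration files; a production check would parse algorithm identifiers properly.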
