WEBVTT

00:00.640 --> 00:08.740
Attackers can sniff or modify the sensitive data if not handled securely by the application.

00:08.740 --> 00:16.270
Unfortunately, applications can unintentionally leak important information about their configuration,

00:16.690 --> 00:20.680
internal workings, or private data.

00:20.740 --> 00:28.360
Attackers will use this weakness to steal sensitive information and conduct serious attacks.

00:28.360 --> 00:36.280
A few examples include the use of weak encryption keys. As seen here on the screen, a victim and a web

00:36.280 --> 00:45.460
server communicate over a channel, where the victim sends encoded data, which is Base64 data, to the

00:45.460 --> 00:48.880
server, and any attacker sniffing

00:48.880 --> 00:57.420
the session will be able to capture this data and easily convert it to a readable format. So weak

00:57.430 --> 01:06.460
crypto algorithms which are used over HTTP channels, even HTTPS channels, are susceptible to attacks

01:06.610 --> 01:09.970
and give out our sensitive data.

01:09.970 --> 01:17.110
Another example is to impersonate the session ID as well. An attacker sniffing the channel will be

01:17.110 --> 01:26.740
able to acquire the session ID and use it to impersonate the victim and present himself as the victim

01:26.980 --> 01:27.920
to the server.

01:27.940 --> 01:36.460
Some of the countermeasures are to prevent displaying internal error messages to the end users, such

01:36.520 --> 01:45.610
as stack traces, database names, table names, or even protocols used; encrypt all data in transit and

01:45.700 --> 01:55.780
data at rest; use secure protocols and algorithms; and disable caching of responses with sensitive

01:55.870 --> 01:56.260
data.
