1
00:00:00,090 --> 00:00:05,190
So number three on the list is sensitive data exposure, and similar to number two,

2
00:00:05,190 --> 00:00:11,670
I kind of want to just talk about it theoretically from an attack and defense perspective, and then we'll

3
00:00:11,670 --> 00:00:17,490
dive into Burp Suite and we'll talk about how we might hunt for these things and what are

4
00:00:17,490 --> 00:00:19,530
some common scenarios.

5
00:00:19,530 --> 00:00:23,220
So sensitive data exposure is exactly what it sounds like.

6
00:00:23,220 --> 00:00:31,500
Imagine that you're testing against a hospital and the hospital is exposing PII, personally identifiable

7
00:00:31,500 --> 00:00:35,220
information, like a social security number or a date of birth,

8
00:00:35,220 --> 00:00:41,250
patient information, whatever, or you're testing against a client and they're exposing credit card or

9
00:00:41,250 --> 00:00:46,560
financial information that violates PCI DSS.

10
00:00:46,560 --> 00:00:49,770
Those are very bad situations.

11
00:00:49,860 --> 00:00:58,970
There can be situations where you have passwords stored in a clear text file.

12
00:00:59,250 --> 00:01:04,080
I've had situations in the past, and I can tell you two of them.

13
00:01:04,110 --> 00:01:12,600
So one situation is that recently I was testing against a bug bounty program, and that bug bounty program

14
00:01:13,230 --> 00:01:14,690
was a government program.

15
00:01:14,700 --> 00:01:24,810
It's public, so it's OK to talk about this, but the program had a JavaScript file that was wide open,

16
00:01:24,810 --> 00:01:25,580
right.

17
00:01:25,680 --> 00:01:29,730
And this JavaScript file, if you read into it, guess what.

18
00:01:29,730 --> 00:01:33,920
There were stored credentials in there to access their website.

19
00:01:34,350 --> 00:01:41,160
And this is why I love testing against government, because the government just kind of has weak protocols

20
00:01:41,160 --> 00:01:47,650
and weak websites, and it helps to test against them, you know, make them better.

21
00:01:47,940 --> 00:01:54,270
And it also is a good way to find a lot of interesting flaws out there in the wild.

22
00:01:55,140 --> 00:01:58,850
So, you know, those stored credentials, that's a big no-no.

23
00:01:58,860 --> 00:02:00,870
That's a sensitive data exposure.

24
00:02:00,870 --> 00:02:02,010
Here's another example.

25
00:02:02,010 --> 00:02:08,730
About a month ago I was testing against a client of mine, and they were a health care provider.

26
00:02:08,730 --> 00:02:17,010
Now, I went to their website, navigated to a directory, and that directory was a backup directory that

27
00:02:17,010 --> 00:02:18,900
never should have been exposed.

28
00:02:18,900 --> 00:02:24,350
Guess what, that backup directory had an entire zip of their whole website.

29
00:02:24,360 --> 00:02:29,970
All the source code, every single thing behind the website. I downloaded that file; it was available to

30
00:02:29,970 --> 00:02:37,800
the entire public to download, and inside were, again, the source code, credentials, SQL database

31
00:02:37,800 --> 00:02:42,720
credentials, all kinds of stuff. Those are things you do not want out there.

32
00:02:42,720 --> 00:02:45,900
So that's another example of sensitive data exposure.

33
00:02:46,380 --> 00:02:53,400
So if we scroll down just a bit here and we look at the different preventions, honestly, you want to make

34
00:02:53,400 --> 00:02:58,550
sure that your data is necessary to be on the application.

35
00:02:58,590 --> 00:02:58,950
Right.

36
00:02:58,950 --> 00:03:03,130
Don't store data if you don't have to store it.

37
00:03:03,270 --> 00:03:03,480
Right.

38
00:03:03,480 --> 00:03:08,190
Don't store sensitive data unnecessarily, as this says.

39
00:03:08,190 --> 00:03:13,020
Make sure that your data is encrypted at rest wherever it lands.

40
00:03:13,020 --> 00:03:14,550
Make sure that it is encrypted.

41
00:03:14,550 --> 00:03:20,460
We don't want to just be able to access a file and everything's in clear text. Make sure that your files

42
00:03:20,790 --> 00:03:24,420
are not just in a directory that's accessible by anybody.

43
00:03:24,420 --> 00:03:25,470
Right.

44
00:03:25,470 --> 00:03:28,630
Make sure that you are using strong passwords.

45
00:03:28,680 --> 00:03:30,780
Make sure you're using good protocols.

46
00:03:30,780 --> 00:03:38,580
And it talks about HSTS here. We'll talk about that briefly in the next video, just about headers

47
00:03:38,580 --> 00:03:40,350
and why they're important.

48
00:03:40,500 --> 00:03:43,770
And we'll talk about it as well in the testing aspect.

49
00:03:43,950 --> 00:03:47,800
But there's also example attack scenarios, right.

50
00:03:47,820 --> 00:03:50,150
I think you probably get it by now, right.

51
00:03:50,160 --> 00:03:52,170
It's just sensitive data exposure.

52
00:03:52,170 --> 00:03:56,010
There's so many different ways that this can happen and there's so many different things that this can

53
00:03:56,010 --> 00:04:01,100
fall under, but what it really boils down to is your enumeration ability.

54
00:04:01,230 --> 00:04:02,500
What are you looking at?

55
00:04:02,550 --> 00:04:08,150
And, you know, how well can you sift through everything that's on that application?

56
00:04:08,280 --> 00:04:13,800
So the better investigator, information gatherer, enumerator that you are, the better off you're going to

57
00:04:13,800 --> 00:04:18,930
be. I've been saying that this entire course, but this holds true for a lot of web app testing because

58
00:04:18,930 --> 00:04:20,840
it's not just cut and dry.

59
00:04:20,910 --> 00:04:22,430
Here's the data.

60
00:04:22,440 --> 00:04:24,390
You might have to dig deep for that directory.

61
00:04:24,390 --> 00:04:28,830
You might have to read through 100 JavaScript files to find those stored credentials.

62
00:04:28,890 --> 00:04:34,620
You know, it's not always just plain as day right in front of you. Sometimes it is, but not always.

63
00:04:34,620 --> 00:04:36,670
So that's a good overview.

64
00:04:36,690 --> 00:04:40,710
We're going to go into the next video where we actually do a little bit of testing for it.

65
00:04:40,740 --> 00:04:45,900
I'm just going to walk you through one of the examples, and we'll talk about some other things in terms

66
00:04:45,900 --> 00:04:50,330
of security headers and why they're important and what we're looking for.

67
00:04:50,340 --> 00:04:51,350
So that's it.

68
00:04:51,360 --> 00:04:52,740
I'll meet you over in the next video.