Leaking sensitive data is a serious risk for applications and APIs. Sensitive data includes names, addresses, credit card numbers, government-issued identification numbers and similar personal information. Exposing it is more than a bad programming practice: personal data leaked by one application can be used to compromise other systems and to craft targeted phishing attacks against the people it describes.
Regulatory compliance is a second concern. Different standards govern how personally identifiable information (PII) and payment card data may be held and disclosed, and breaking those rules can have serious consequences: fines, and the loss of critical agreements such as access to credit card payment gateways.
Not all sensitive data leaks are obvious
Modern, API-driven application architectures make sensitive data leaks harder to spot by manual inspection. An API frequently returns much more information than the client finally renders on screen, typically because the server serialises a whole database record or domain object rather than only the fields the view needs. The extra fields never appear in the UI, but anyone who reads the raw response (a browser's developer tools or an intercepting proxy is enough) can see them, so this is still a sensitive data leak.
Additionally, complex systems sometimes have internal development and operational dashboards that could inadvertently display sensitive data.
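As an added example (this is not code from the original post or from Hdiv), the over-exposure pattern in Python: one handler serialises a whole user record, the other returns only an allowlisted set of fields, and a small check reports which sensitive keys a response body actually carries. The User record, its field names and the sample values are constructed for the illustration.

```python
"""Excessive data exposure: serialising a whole record versus an explicit field allowlist."""
import json
from dataclasses import dataclass, asdict


@dataclass
class User:
    # Hypothetical record; the column set is an assumption for this example.
    id: int
    display_name: str
    email: str
    ssn: str
    card_number: str
    password_hash: str
    is_admin: bool


# Constructed sample record (not real data; the card number is the Visa test PAN).
SAMPLE_USER = User(
    id=42,
    display_name="Ada",
    email="ada@example.com",
    ssn="123-45-6789",
    card_number="4111111111111111",
    password_hash="$2b$12$abcdefghijklmnopqrstuv",
    is_admin=False,
)


def profile_leaky(user: User) -> str:
    """Common anti-pattern: dump the ORM object / dataclass straight to JSON.
    The UI only renders display_name, but every other column ships to the client too."""
    return json.dumps(asdict(user))


# Fields this endpoint is allowed to return. Anything not listed never leaves the server,
# so adding a new sensitive column to User cannot silently widen the response.
PUBLIC_PROFILE_FIELDS = ("id", "display_name")


def profile_safe(user: User, fields=PUBLIC_PROFILE_FIELDS) -> str:
    """Serialise only the allowlisted fields."""
    data = asdict(user)
    return json.dumps({k: data[k] for k in fields})


# Keys that must never appear in a client-facing response.
SENSITIVE_KEYS = {"ssn", "card_number", "password_hash"}


def leaked_sensitive_keys(body: str) -> set:
    """Check usable from a test suite or an output gate: which sensitive keys
    does this JSON response body expose at the top level?"""
    return SENSITIVE_KEYS & set(json.loads(body))


if __name__ == "__main__":
    print("leaky:", sorted(leaked_sensitive_keys(profile_leaky(SAMPLE_USER))))
    print("safe: ", sorted(leaked_sensitive_keys(profile_safe(SAMPLE_USER))))
```

The check only looks at top-level keys; nested objects and values that happen to contain a card number need content inspection rather than key matching, which is the other half of the problem.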
Security automation as a fix for sensitive data leakage
Hdiv makes it easier to find and prevent leaks of sensitive data. It works at runtime, monitoring in real time how the application assembles each response before it is sent to the client. Because the analysis hooks in at the virtual machine level, it sees the data as the application handles it and is efficient. Products that instead parse the server's raw output (HTML or JSON) have to re-scan every response body, which consumes a disproportionate amount of resources and adds noticeable latency; the runtime approach performs orders of magnitude better.
The video below demonstrates this feature: it finds and masks credit card numbers (PANs) that the application outputs in clear text, which is both a serious security risk and a violation of PCI DSS rules.
If you want more details or would like to try Hdiv's sensitive data leak control in your own application, drop us a line and we will get back to you within hours.