A3:2017 - Sensitive Data Exposure

Unofficial Content

Actions by GeneXus

  • GeneXus doesn't encrypt sensitive data.

Actions by Developers

  • If a shared secret is needed, it must be hashed before being saved to a file or database.
    • Store a salted (modified) hash of the sensitive data.
  • Use a secure hash function. The use of SHA-2 (SHA-256 or SHA-512) is recommended.
  • Encrypt the data at the application layer.
  • Encrypt the encryption key. The GeneXus Site Key could be used for this purpose. The use of AES with 128- or 256-bit keys is recommended.
  • Avoid storing sensitive data in logs. If it's unavoidable, the sensitive data must be masked.
  • Avoid storing sensitive data in intermediate files. Consider using the HTTPResponse Data Type to write and send the data directly instead. If it's unavoidable, verify that those files are erased from the server after being sent.
  • Configure the application server with the minimum permissions required, and avoid exposing the Temp media directory and/or other temp directories over HTTP/HTTPS.
  • Use secure channels.
    • Use HTTPS strictly, even for static content.
      • Security Scanner helps to detect this scenario with case code #105.
    • Use LDAPS instead of LDAP.
    • Use TLS or WS-Security for server-to-server communication or other shared resources.
    • Use valid certificates.
  • Avoid weak cipher algorithms.
  • Avoid sending sensitive data to the browser if it isn't needed. Avoid hidden content with sensitive data in forms. Select the needed information on the server side.
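
One way to apply the log-masking item above, shown as an added Python example (not GeneXus code and not part of the original page). The key names, the card-number pattern and the filter class are assumptions made for illustration.

```python
import logging
import re

# Assumed key names; adjust to the fields your application actually logs.
_SECRET_KV = re.compile(r"(?i)\b(password|secret|token)(\s*[=:]\s*)[^\s,;&]+")
# 13-19 digits, optionally separated by single spaces or hyphens.
_PAN = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def _luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to avoid masking arbitrary long numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _mask_pan(match: re.Match) -> str:
    digits = re.sub(r"\D", "", match.group(0))
    if not _luhn_ok(digits):
        return match.group(0)  # not a card number: leave untouched
    return "*" * (len(digits) - 4) + digits[-4:]


def mask(text: str) -> str:
    """Return text with secret values and card numbers masked."""
    text = _SECRET_KV.sub(lambda m: m.group(1) + m.group(2) + "****", text)
    return _PAN.sub(_mask_pan, text)


class MaskingFilter(logging.Filter):
    """Masks the fully formatted message before any handler writes it."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = mask(record.getMessage())
        record.args = ()  # message is already formatted
        return True


if __name__ == "__main__":
    log = logging.getLogger("demo")
    handler = logging.StreamHandler()
    handler.addFilter(MaskingFilter())
    log.addHandler(handler)
    # Constructed sample line; the card value is a widely used test number.
    log.warning("user=%s password=%s card=%s",
                "alice", "hunter2", "4111 1111 1111 1111")
```

The filter only rewrites the log message itself; traceback text attached through `exc_info` and quoted JSON-style keys are not covered by these patterns.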

Intermediate and browser cache

Actions by GeneXus

  • GeneXus adds HTTP Headers for all web pages and automatically generated static contents that indicate what can or can't be cached.

Actions by Developers

  • If the HTTPResponse Data Type is used to create a custom web page, the developer must specify whether the response is public, whether it can be cached, and for how long.
    • Security Scanner helps to detect this scenario with case code #109.