OWASP Top 10 Cryptographic Failures A02 – Explained

Cryptographic Failures Vulnerability – Examples & Prevention

Jun 7, 2022

9 min read

Sudip Sengupta


Cryptography encompasses the tools and techniques used to protect communication and information exchange, ensuring confidentiality, non-repudiation, integrity, and authenticity. Modern cryptographic techniques convert plain-text messages into ciphertext that only the intended recipient can decode. In a rapidly changing threat environment, traditional encryption and obfuscation techniques are susceptible to compromise, resulting in the exposure of sensitive data through a group of potential vulnerabilities known as cryptographic failures.

This article delves into why cryptographic failure is considered one of the most common application security threats, its common attack patterns, and the measures that prevent it.

What is a Cryptographic Failure Vulnerability?

A cryptographic failure is a critical web application security vulnerability in which sensitive application data is exposed because the cryptographic algorithm protecting it is weak or missing altogether. That data can be passwords, patient health records, business secrets, credit card information, email addresses, or other personal user information.

Modern web applications process data at rest and in transit, both of which require stringent security controls for comprehensive threat mitigation. Some deployments employ weak cryptographic techniques that can be cracked within a reasonable time frame. Even with a perfect implementation of cryptographic techniques, users may fail to adopt data protection best practices, leaving sensitive information susceptible to theft.
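Passwords are the first item on the list of sensitive data above, and password storage is where a weak technique "that can be cracked within a reasonable time frame" most often shows up in practice. The following is an added example, not code from the article or from OWASP, contrasting an unsalted fast hash (the weak form) with a salted, iterated password hash (the hardened form). The `SAMPLE_PASSWORD` value and the `pbkdf2_sha256$...` storage format are constructed for this illustration; the iteration count is an assumption chosen to be deliberately slow.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample input for the demonstration (not a real credential).
SAMPLE_PASSWORD = "correct horse battery staple"

# Assumed work factor: high enough that each guess costs real CPU time.
DEFAULT_ITERATIONS = 600_000


def weak_hash(password: str) -> str:
    """Weak form: unsalted MD5.

    Two users with the same password get the same digest, so one cracked
    digest reveals every matching account, and MD5 is fast enough that
    offline guessing through a leaked table is cheap.
    """
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def strong_hash(password: str, salt: Optional[bytes] = None,
                iterations: int = DEFAULT_ITERATIONS) -> str:
    """Hardened form: per-record random salt + PBKDF2-HMAC-SHA256.

    The salt makes identical passwords hash differently, and the iteration
    count makes each offline guess expensive. The result is stored as a
    self-describing string so the parameters can be raised later without
    breaking verification of older records.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_strong(password: str, stored: str) -> bool:
    """Recompute the hash from the stored parameters and compare in
    constant time, so a timing side channel does not leak digest bytes."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def shared_digest_count(passwords: list) -> int:
    """How many distinct weak digests a list of passwords collapses to.
    Fewer distinct digests than inputs means identical passwords are
    visible at a glance in a leaked table."""
    return len({weak_hash(p) for p in passwords})


if __name__ == "__main__":
    # Same password, two users: weak form leaks that they match, strong form does not.
    print("weak  user A:", weak_hash(SAMPLE_PASSWORD))
    print("weak  user B:", weak_hash(SAMPLE_PASSWORD))
    a = strong_hash(SAMPLE_PASSWORD)
    b = strong_hash(SAMPLE_PASSWORD)
    print("strong user A:", a)
    print("strong user B:", b)
    print("verify A:", verify_strong(SAMPLE_PASSWORD, a))
    print("verify wrong:", verify_strong("not the password", a))
```

The point to take from running it: the two weak digests are identical, the two hardened records differ even though the password is the same, and verification still succeeds against either record because the salt and work factor travel with the stored value.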

Formerly known as sensitive data exposure (2017: A03), the
