Which of the following OWASP Top 10 risks involves

Solution

Sensitive Data Exposure occurs when sensitive information, such as passwords, credit card details, or personal data, is not properly protected during storage or transmission. Weak encryption, improper key management, or lack of HTTPS for data in transit are common causes. An attacker can intercept such data using tools like packet sniffers or by exploiting vulnerabilities in the system. For example, an application storing user passwords in plain text instead of hashing them exposes users to credential theft if the database is compromised. Proper encryption, secure transmission (e.g., HTTPS), and adherence to best practices mitigate this risk. Why Other Options Are Incorrect :

1. Security Misconfiguration : Refers to improper settings, like default credentials or unpatched software, not direct data exposure.
2. Broken Authentication : Involves flawed authentication mechanisms, leading to unauthorized access, not sensitive data compromise.
3. Insecure Deserialization : Involves execution of malicious code via tampered serialized objects, not direct data leaks.
4. Insufficient Logging and Monitoring : Refers to the inability to detect and respond to security breaches, not data exposure.