A04:2025 - Cryptographic Failures
Exposure of sensitive data due to weak, missing, or improperly implemented encryption.
Intent & Description
🎯 Intent
Protect sensitive data at rest and in transit through proper cryptographic controls.
📋 Context
Applications frequently fail to adequately protect sensitive data such as passwords, financial records, health information, and personal data using appropriate cryptography.
💡 Solution
Classify data processed and stored. Apply controls per classification. Encrypt all sensitive data at rest and in transit. Use strong, up-to-date algorithms and protocols. Disable caching for sensitive data responses.
Real-world Use Case
Use when handling any sensitive data including PII, financial data, health records, or authentication credentials.
📌 TL;DR
Protect sensitive data with strong cryptography. Classify data, encrypt at rest and in transit, use modern algorithms.
Advantages
- Protects data confidentiality
- Meets regulatory requirements
- Prevents data breaches
- Ensures data integrity
Disadvantages
- Performance overhead for encryption operations
- Key management complexity
- Algorithm deprecation requires updates