In January this year, Microsoft published its first two Quick Security Reference papers covering Cross-site Scripting and SQL Injection.
Now Microsoft has released a new QSR addressing a security issue that IT and software development organizations often discover post-attack: “Exposure of Sensitive Information”. This SDL QSR will help you better understand and address common attacks that may be affecting your software, Web sites, and users.
Accidental exposure of sensitive information is a common flaw criminals will look for when initiating attacks. This type of attack doesn’t have a catchy acronym or get as much attention as some more popular classes of attacks. However, these flaws and the subsequent exposure of sensitive info are often canaries in the metaphorical software mine.
Failure to protect sensitive data, and the inadvertent exposure of that sensitive info, is a rapidly growing problem facing many software development organizations, including mature ones. Attackers are finding ways to harvest valuable user info, launch direct attacks on systems, or use more sophisticated techniques based on accidentally exposed sensitive information. By better understanding the vulnerabilities that lead to inadvertent disclosure, one can more easily and efficiently deal with existing issues and implement ongoing solutions that help protect sensitive info and the users of that info.
More Info: Download