Obfuscate application data
The system must obfuscate the data if the application is not in focus.
This requirement is verified in following services:
- CWE™-359. Exposure of private personal information to an unauthorized actor
- GDPR-5_1f. Principles relating to processing of personal data
- OWASP TOP 10-A2. Cryptographic failures
- OWASP-M TOP 10-M9. Reverse engineering
- ISO/IEC 27002-8_26. Application security requirements
- OSSTMM3-11_7_2. Data networks security (controls verification) - Confidentiality
- NIST SSDF-PW_6_2. Configure the compilation, interpreter, and build processes to improve executable security
- PTES-6_2_1_1. Exploitation - Countermeasures (anti-virus encoding)
- OWASP Top 10 Privacy Risks-P1. Web application vulnerabilities
- SWIFT CSCF-5_4. Physical and logical password storage
- OWASP MASVS-V8_12. Resilience requirements - Impede comprehension
- ISO/IEC 27001-8_26. Application security requirements
Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.