Never use non-null value auth tokens.
Discription

#3: APIs Exposing Sensitive Data in Cleartext

This is not a new problem, but it has been brought to the forefront of many organizations’ minds after recent high profile incidents. The exposure of sensitive data in cleartext can be due to an unencrypted transport layer or even just plain text storage on disk (which may have been the case with Experian). This should never happen because there are so many ways to encrypt and protect this information at rest and during transit, including SSL/TLS encryption for web applications, SSH tunneling for internal traffic, etc
https://t.co/QfUzgnBC6V

Back to Main