184 – Obfuscate application data

Summary

The system must obfuscate the data if the application is not in focus.

Description

Obfuscate application data is needed to enhance security by making it more difficult for unauthorized users to understand or manipulate sensitive information within an application. Obfuscation involves intentionally obscuring the meaning or intent of data, code, or other elements in a software applications.

Supported In

Advanced: True

References

• CWE-359. Exposure of private personal information to an unauthorized actor
• GDPR-5_1f. Principles relating to processing of personal data
• OWASP10-A2. Cryptographic failures
• OWASPM10-M9. Reverse engineering
• ISO27002-8_26. Application security requirements
• OSSTMM3-11_7_2. Data networks security (controls verification) - Confidentiality
• NISTSSDF-PW_6_2. Configure the compilation, interpreter, and build processes to improve executable security
• PTES-6_2_1_1. Exploitation - Countermeasures (anti-virus encoding)
• OWASPRISKS-P1. Web application vulnerabilities
• SWIFTCSC-5_4. Password repository protection
• ISO27001-8_26. Application security requirements

Last updated

2024/01/18