Cryptographic Failures and Data Exposure Prevention
Cryptographic failures, previously known as "Sensitive Data Exposure," represent a critical category of vulnerabilities where applications fail to adequately protect sensitive information. Think of cryptography as a safe for your digital valuables—if the safe is weak, uses a simple combination, or is left unlocked, thieves can easily steal what's inside. These failures don't always involve broken encryption algorithms; more often, they stem from not using encryption at all, using it incorrectly, or protecting the wrong things.
The shift in naming from "Sensitive Data Exposure" to "Cryptographic Failures" reflects an important change in perspective. Rather than focusing on the symptom (data exposure), OWASP now emphasizes the root cause (failed cryptography). This change encourages developers to think proactively about cryptographic protections rather than reactively about data breaches. It's like the difference between asking "How do we clean up oil spills?" versus "How do we prevent tankers from leaking?"