312-50V11 · Question #446
Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities?
The correct answer is B. Use encrypted communications protocols to transmit PII. Encrypting PII in transit with protocols such as TLS/HTTPS is the best defense against web application vulnerabilities that expose data during transmission between client and server.
Question
Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities?
Options
- AUse cryptographic storage to store all PII
- BUse encrypted communications protocols to transmit PII
- CUse full disk encryption on all hard drives to protect PII
- DUse a security token to log into all Web applications that use PII
How the community answered
(19 responses)- A5% (1)
- B89% (17)
- D5% (1)
Why each option
Encrypting PII in transit with protocols such as TLS/HTTPS is the best defense against web application vulnerabilities that expose data during transmission between client and server.
Cryptographic storage protects data at rest but does not prevent web application vulnerabilities such as SQL injection or insecure API calls from exposing PII as it is read from storage and transmitted.
Web application vulnerabilities such as man-in-the-middle interception and insecure transmission directly target PII moving across the network. Using encrypted communications protocols like TLS ensures that even if traffic is intercepted, the data cannot be read in plaintext, directly addressing the primary exposure vector for PII in web applications.
Full disk encryption protects data on stolen or physically accessed media but provides no protection against web application vulnerabilities that retrieve data through normal authenticated application interfaces.
Security tokens strengthen authentication and session management but do not protect the PII payload itself from vulnerabilities such as XSS, SQL injection, or insecure direct object references once a session is active.
Concept tested: Protecting PII with encrypted web transmission protocols
Source: https://owasp.org/www-project-top-ten/
Topics
Community Discussion
No community discussion yet for this question.