From the course: CISSP Cert Prep (2021): 8 Software Development Security
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Data obfuscation
From the course: CISSP Cert Prep (2021): 8 Software Development Security
Data obfuscation
- An alternative to removing data from a data set is transforming it into a format where the original information can't be retrieved. This is a process called data obfuscation, and we have several tools at our disposal to assist with this process. First, we can use a hash function to transform a value in our dataset to a hash value. Remember from our discussion of hash functions earlier that these are one way functions. If we apply a strong hash function to a data element, we may replace the value in our file with the hashed value. While it isn't possible to retrieve the original value directly from the hashed value, there is one major flaw to this approach. If someone has a list of possible values for a field, they can conduct a rainbow table attack. In this attack, the attacker computes the hashes of those candidate values and then checks to see if those hashes exist in the data file. Let's say we had a file listing all…
Contents
-
-
-
-
-
-
Input validation2m 37s
-
(Locked)
Parameterized queries3m
-
(Locked)
Authentication/session management issues1m 49s
-
(Locked)
Output encoding3m 13s
-
(Locked)
Error and exception handling3m
-
(Locked)
Code signing2m 8s
-
(Locked)
Database security3m 53s
-
(Locked)
Data deidentification2m 44s
-
(Locked)
Data obfuscation2m 12s
-
-
-