R183. Delete sensitive data securely

Requirement

The system must support the secure removal of sensitive data when it is no longer required, so that it cannot be recovered.

Description

Systems often store and delete sensitive information protected by government regulations. These regulations usually demand that data be removed after it is no longer required and that its deletion follow secure procedures that prevent it from being recovered.

References

  1. CWE-226: Sensitive Information Uncleared in Resource Before Release for Reuse. The product prepares to release a resource such as memory or a file so that the resource can be reused by other entities, but the product does not fully clear previously-used sensitive information from that resource before the resource is released.

  2. CWE-459: Incomplete Cleanup. The software does not properly "clean up" and remove temporary or supporting resources after they have been used.

  3. Directive 2002/58/EC (amended by E-privacy Directive 2009/136/EC). Art. 4: Security of processing. (1a) The measures referred to in paragraph 1 shall at least protect personal data stored or transmitted against accidental or unlawful destruction, accidental loss or alteration, and unauthorized or unlawful storage, processing, access or disclosure.

  4. Directive 2002/58/EC (amended by E-privacy Directive 2009/136/EC). Art. 6: Traffic data. (1) Traffic data relating to subscribers and users processed and stored by the provider of a public communications network or publicly available electronic communications service must be erased or made anonymous when it is no longer needed for the purpose of the transmission of a communication.

  5. GDPR. Art. 5: Principles relating to processing of personal data. (1)(e) Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

  6. OWASP-ASVS v4.0.1 V8.1 General Data Protection. (8.1.2) Verify that all cached or temporary copies of sensitive data stored on the server are protected from unauthorized access or purged/invalidated after the authorized user accesses the sensitive data.

  7. OWASP-ASVS v4.0.1 V8.2 Client-side Data Protection. (8.2.3) Verify that authenticated data is cleared from client storage, such as the browser DOM, after the client or session is terminated.

  8. OWASP-ASVS v4.0.1 V8.3 Sensitive Private Data. (8.3.6) Verify that sensitive information contained in memory is overwritten as soon as it is no longer required to mitigate memory dumping attacks, using zeros or random data.

  9. OWASP-ASVS v4.0.1 V8.3 Sensitive Private Data. (8.3.8) Verify that sensitive personal information is subject to data retention classification, such that old or out of date data is deleted automatically, on a schedule, or as the situation requires.
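The description and references above name three distinct controls: clearing sensitive data from memory before the resource is reused (CWE-226, ASVS 8.3.6), removing temporary or supporting copies rather than leaving them behind (CWE-459, ASVS 8.1.2), and deleting records automatically once their retention period ends (GDPR Art. 5(1)(e), ASVS 8.3.8). The following Python is an added example written for this page, not Fluid Attacks' code or part of any of the cited standards; the function names, the two-pass overwrite scheme, the sample record identifiers and the sample file contents are all constructed for illustration.

```python
"""Secure removal of sensitive data: three controls named in this requirement's
references (added example with constructed sample data)."""
import ctypes
import os
import secrets
import tempfile
from datetime import datetime, timedelta

_CHUNK = 64 * 1024


def wipe_bytearray(buf: bytearray) -> bytearray:
    """Overwrite a mutable buffer in place with zeros (ASVS 8.3.6, CWE-226).

    A bytearray is used because bytes and str are immutable in CPython, so
    every transformation of them leaves copies behind that cannot be cleared;
    memset writes into the buffer's own storage instead of allocating a new
    object. Returns the same (now zeroed) buffer for convenience.
    """
    n = len(buf)
    if n:
        view = (ctypes.c_char * n).from_buffer(buf)  # shares buf's memory
        ctypes.memset(ctypes.addressof(view), 0, n)
        del view  # release the buffer export so buf may be resized again
    return buf


def securely_delete_file(path: str, passes: int = 2) -> bool:
    """Overwrite a file's contents (random bytes, then zeros) and unlink it.

    Caveat: on SSDs with wear levelling, copy-on-write or journaling file
    systems and cloud block storage, overwriting in place does not guarantee
    the old blocks are unrecoverable; encrypting at rest and destroying the
    key (crypto-shredding) is the dependable control in those environments.
    Returns True when the file existed and is gone afterwards.
    """
    if not os.path.isfile(path):
        return False
    size = os.path.getsize(path)
    with open(path, "r+b", buffering=0) as fh:
        for i in range(passes):
            fh.seek(0)
            remaining = size
            while remaining:
                n = min(_CHUNK, remaining)
                # Final pass writes zeros; earlier passes write random bytes.
                fill = bytes(n) if i == passes - 1 else secrets.token_bytes(n)
                fh.write(fill)
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # push the overwrite past the page cache
    os.remove(path)
    return not os.path.exists(path)


def records_due_for_deletion(records, retention_days: int, now_iso: str) -> list:
    """Return ids of records whose retention period has elapsed (ASVS 8.3.8).

    records: iterable of (record_id, stored_at_iso) pairs with ISO-8601
    timestamps. A record exactly at the boundary counts as due.
    """
    now = datetime.fromisoformat(now_iso)
    limit = timedelta(days=retention_days)
    return [rid for rid, stored_at in records
            if now - datetime.fromisoformat(stored_at) >= limit]


def demo_file_wipe() -> bool:
    """Create a temp file holding constructed 'sensitive' bytes, wipe it,
    and report whether the path is gone (exercises CWE-459 cleanup)."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"SSN=123-45-6789\n" * 5000)  # constructed sample content
    return securely_delete_file(path)


if __name__ == "__main__":
    secret = bytearray(b"hunter2")  # constructed sample secret
    print(wipe_bytearray(secret))   # bytearray(b'\x00\x00\x00\x00\x00\x00\x00')
    print(demo_file_wipe())         # True
    sample = [("r1", "2020-01-01T00:00:00"), ("r2", "2020-06-01T00:00:00")]
    print(records_due_for_deletion(sample, 90, "2020-07-01T00:00:00"))  # ['r1']
```

The retention check is intentionally separated from the deletion routine so it can run on a schedule and feed whichever deletion mechanism fits the store: the file overwrite shown here for local files, or key destruction for encrypted or SSD-backed storage where overwriting is not a reliable guarantee.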

Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.
