Encryption safeguards sensitive data, whether stored or in transit, from being read by third parties. However, the most common flaw in software is not encrypting sensitive data.
Attackers usually don't attempt to break the encryption itself; they break something else. Some examples of attack vectors are stealing plain text data, using Man-in-the-Middle (MITM) attacks, or stealing keys.
The following example illustrates how a MITM attack can be used to eavesdrop on communication between two computers and impersonate a legitimate user after stealing their session (green arrows represent secure connections, while red arrows represent plain text connections):
How to do it with OutSystems Platform
The recommended strategy is to encrypt all channels and sensitive data.
To do so with OutSystems Platform, follow these recommendations for each scenario:
Secure apps' communications
Protect how Cookies are transmitted
Encrypt data (stored or in transit)
To learn how to protect your OutSystems apps against other common types of attacks, check how OutSystems Platform helps you develop secure applications.