Searching for Sensitive Data
Hannibal poked around on the Clarice Commerce Web server, looking for sensitive customer information. He found a dozen customer names and credit card numbers in a local cache. Although this limited number of credit card numbers was useful, it was not yet the mother lode of sensitive data that Hannibal was after.
Mistake #5: Clarice Commerce allowed sensitive data to sit on its Web server machine for a period of time. Internet Web servers are extremely popular targets for computer attackers. Any sensitive data gathered through such a Web server should not be stored locally. If the Web server has a vulnerability, an attacker will be able to steal any information sitting on this machine. Therefore, your Web application should gather the required data from a user and quickly move it to another, more secure machine that does not have a Web server installed on it. The Web application should encrypt the data and send it to a database, transaction, or other application server immediately.
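One way to verify that no card data is left sitting on the Web server is to audit its cache and temporary directories for card-number-shaped strings. The following is an added example, not part of the original text; the function names, the directory layout and the sample file contents are constructed for illustration.

```python
import os
import re
import tempfile

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: filters out order IDs and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(digits):
    # Report first six and last four only, so the audit output holds no full number.
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def scan_tree(root):
    """Return (relative path, line number, masked number) for each Luhn-valid hit."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="ignore") as fh:
                    for lineno, line in enumerate(fh, 1):
                        for m in PAN_RE.finditer(line):
                            digits = re.sub(r"\D", "", m.group())
                            if luhn_ok(digits):
                                rel = os.path.relpath(path, root)
                                findings.append((rel, lineno, mask(digits)))
            except OSError:                 # unreadable file: skip, keep scanning
                continue
    return findings

def demo():
    # Constructed sample: a temp tree standing in for a Web server cache directory.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "cache"))
        with open(os.path.join(root, "cache", "orders.tmp"), "w") as fh:
            fh.write("name=Test User&card=4111 1111 1111 1111\n")  # well-known test number
            fh.write("order_id=1234567890123456\n")                # fails Luhn, ignored
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

Any finding on the Web server means data is being cached or logged locally instead of being encrypted and handed off to the back-end system immediately.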