Insecure storage of sensitive data - TairinySimeonato/WebAuditing GitHub Wiki

passwords must be hashed, preferably salted
sensitive data must be encrypted
sensitive data should not be transferred over GET

References

https://www.owasp.org/index.php/Insecure_Storage