Mask sensitive information

Description

What does it do

This rule will scan all the outgoing data and check if any of it looks like a credit card number. If it finds a match then it will automatically re-write it to xxx-xxxx-xxxx- (leave the last 4 digits)

• Improves security
• Help mitigate a 0 day attack
• Automatically prevents full credit cards number form being send from your servers

The Problem

Attacks against web systems are becoming increasingly more sophisticated. Whilst application firewalls and well written code can defend against most of the known vulnerabilities it’s impossible to protect against a zero day attack.

A zero-day attack it a vulnerability that has been discovered where by a patch does not currently exist as its unknown to the software vendor. There are probably many in use by hackers right now that we don’t even know about!

For best practice it’s good to have a preventative strategy as well as a damage mitigation and limitation strategy should you get attacked.

This rule helps with the latter.

How does it work

The rule will check for a valid server response i.e. 200 OK and search for a regular expression that would match on a credit card number.

If it finds a match, then it will do a full replacement of the string to xxxx-xxxx-xxxx-