SiteShadow
Back to vulnerability library
Detected bySecure-coding-practice checks (SCP)Pro

SCP08 Data Protection

What this means

SiteShadow flagged patterns where sensitive data handling is unsafe or incomplete (PII exposure, secrets stored incorrectly, data placed in URLs/logs, missing encryption at rest/in transit).

Why it matters

Data exposure can lead to regulatory impact and breach risk.

Safer examples

1) Minimize data collection and retention

Collect only what you need, keep it for the shortest time, and delete safely.

2) Keep sensitive data out of URLs and logs

URLs get stored in proxies, referrers, and analytics (see CWE-598 / L01).

3) Encrypt at rest where appropriate and control access

Use strong crypto + key management; restrict storage ACLs (see CWE-922 / CLOUD01).

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this with SiteShadow Pro.

This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.