Question

Bradesco Seguros
BR
Last activity: 13 Mar 2025 10:18 EDT
To address vulnerabilities related to the OWASP A3_2017-Sensitive_Data_ directive
Hello All, hope you're all doing well.
We are currently facing an issue that we are still not clear on how to resolve, even after raising a support ticket with Pega.
According to our security team, the Pega applications have a vulnerability gap related to the OWASP A3_2017-Sensitive_Data_ directive.
A test was conducted using the Pentest tool, and it was identified that when filling out a form in one of our applications, the information becomes visible. By using browser debugging tools, we can see, as shown in the attached image, in the Network tab, the content of the form request payload in plain text.
According to our security team, this information must be encrypted or masked. We understand that applying the Data Encryption configuration within the platform will be sufficient for addressing the issue of data storage in the database. However, regarding this point of the web form and communication with the backend for processing, it doesn't seem feasible, or am I mistaken? I need an idea, some guidance, to help resolve this issue.
Regards.