
Proposal on Missing Encryption of Sensitive Data vulnerabilities #20

@CharanAnishK

Description


The case study that I would like to create relates to CWE-311: Missing Encryption of Sensitive Data, which is a vulnerability that occurs when an application does not encrypt sensitive data, such as passwords, PINs, API keys, or personal information, while it is being transmitted or stored, leaving it open to theft. Despite being documented, CWE-311 lacks a descriptive case study that offers real-world examples and suggestions for mitigating it. For instance, in 2017, Google Drive backups for WhatsApp were not end-to-end encrypted, leaving private media and messages vulnerable in the event that the cloud account was compromised. By looking at this and related cases, the study will show how important it is to have encryption and how developers can avoid this problem by encrypting data both in transit and at rest, managing keys securely, and following best practices. In order to give developers a practical guide on how to avoid this security issue in their own projects, I intend to submit the essay as a pull request in Markdown format, adhering to MITRE's Secure Coding Case Studies style guide.

References:
1. https://cwe.mitre.org/data/definitions/311.html
2. https://nvd.nist.gov/vuln/detail/CVE-2025-45768
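The at-rest half of the mitigation the proposal describes (encrypt sensitive fields before they are stored, keep the key out of the data store), shown as an added example that is not part of the issue author's proposal or of MITRE's case studies. It is a stand-alone Go program using only the standard library: StoreInsecure is the CWE-311 pattern (the API key lands in the serialized record verbatim), StoreEncrypted/LoadEncrypted are the hardened form using AES-256-GCM with a fresh nonce per record and the non-sensitive user field bound as associated data, and LeaksSecret is the check one would run over a dump or backup. Record, EncryptedRecord and the sample key and API key value are all hypothetical/constructed names for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Record is a hypothetical user profile; APIKey is the sensitive field.
type Record struct {
	User   string `json:"user"`
	APIKey string `json:"api_key"`
}

// StoreInsecure is the CWE-311 pattern: the secret is serialized as-is, so
// anyone who reads the backing file, backup or database dump has the key.
func StoreInsecure(r Record) ([]byte, error) {
	return json.Marshal(r)
}

// EncryptedRecord is what actually lands on disk: the secret is sealed with
// AES-256-GCM and the User field is bound to it as associated data, so a
// sealed value cannot be silently moved onto another user's row.
type EncryptedRecord struct {
	User   string `json:"user"`
	Nonce  []byte `json:"nonce"`
	Sealed []byte `json:"sealed"`
}

// newGCM builds the AEAD from a 32-byte key supplied by the caller (in a real
// deployment fetched from a KMS or secrets manager), never stored beside the
// data it protects. A key of any other length is rejected rather than used.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// StoreEncrypted seals the API key under a fresh random nonce per record.
func StoreEncrypted(r Record, key []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	sealed := gcm.Seal(nil, nonce, []byte(r.APIKey), []byte(r.User))
	return json.Marshal(EncryptedRecord{User: r.User, Nonce: nonce, Sealed: sealed})
}

// LoadEncrypted reverses StoreEncrypted. A wrong key, or any change to the
// stored user, nonce or ciphertext, makes Open fail instead of returning junk.
func LoadEncrypted(blob, key []byte) (Record, error) {
	var er EncryptedRecord
	if err := json.Unmarshal(blob, &er); err != nil {
		return Record{}, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return Record{}, err
	}
	if len(er.Nonce) != gcm.NonceSize() { // malformed blob: Open would panic on a bad nonce length
		return Record{}, errors.New("stored nonce has wrong length")
	}
	plain, err := gcm.Open(nil, er.Nonce, er.Sealed, []byte(er.User))
	if err != nil {
		return Record{}, fmt.Errorf("record for %q failed authentication: %w", er.User, err)
	}
	return Record{User: er.User, APIKey: string(plain)}, nil
}

// LeaksSecret is the reviewer's check over a dump: is the secret present verbatim?
func LeaksSecret(blob []byte, secret string) bool {
	return bytes.Contains(blob, []byte(secret))
}

func main() {
	key := make([]byte, 32) // constructed: in production this comes from a KMS
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	rec := Record{User: "alice", APIKey: "sk_constructed_example_key_123"} // constructed sample
	plain, _ := StoreInsecure(rec)
	blob, _ := StoreEncrypted(rec, key)
	fmt.Printf("insecure:  %s leaks=%v\n", plain, LeaksSecret(plain, rec.APIKey))
	fmt.Printf("encrypted: %s leaks=%v\n", blob, LeaksSecret(blob, rec.APIKey))
}
```

Two design points worth carrying into the case study: the key lives in a different trust domain from the record (compromise of the backup alone yields nothing), and an authenticated mode (GCM) is used rather than bare encryption, so tampering with the stored row is detected on read rather than producing a plausible-looking wrong secret.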
