If web applications don’t protect sensitive data such as financial information, health records of users, voters ballot information and passwords etc by encrypting with strong encryption algorithms while both storing in data store and transmitting over the network, then attackers can gain access to that data and utilize it for nefarious purposes. This means hackers /attackers could gain access to such information by executing man-in-the-middle attacks to steal data in transit.

Also Caching is the practice of temporarily storing data for re-use where web browsers and backend programs will often cache web pages and data respectively so that if a user revisits those pages or makes same data access request within a fixed time span, then browser does not have to fetch the pages from the web server again and backend also doesn’t have to retrieve data by hitting the database again.

Sensitive data exposure risk can be minimized by implementing encryption mechanism for all sensitive data as well as disabling the caching features of any sensitive information in development stage by respective developers.

Additionally, web application developers should take care to ensure that they are not unnecessarily storing any sensitive data like bank details, debit/ credit card details as per the various payment protection standards and norms.