This thesis presents the design, implementation and evaluation of Exposure, a script-based tool for detecting exposed sensitive values in files. The tool is intended for checking scripts, configuration files, log files and other supporting files where plaintext passwords, PGP or GPG-related values, debug settings or other fixed strings may appear.
The solution is intended for skilled technicians, especially administrators or specialists who understand the inspected environment. Exposure can generate a CSV report, prepare an HTML summary, mask detected sensitive values, send a report by e-mail and create a PGP-protected backup of original files before modifying their content.
The problem is discussed in the context of banking and card-processing environments, where data protection, traceability and audit evidence are particularly important. The tool is tested in an environment with artificially prepared data.
The results show that Exposure provides a more repeatable, structured and safer process than manual file inspection. The tool does not replace a complete security audit or the professional judgement of an administrator, but it supports the process with automated scanning, reporting, masking and protected backup creation.
|