This category isn't about solving complex math. It's about implementation errors. Encrypting data with `rot13` is a failure. Storing passwords in plain text is a failure. Using HTTP in 2025 is a failure.
Hardcoded Keys
Developers often commit AWS Keys or API Secrets to GitHub.
```javascript
const AWS_KEY = "AKIAVG...";
```
Once it's on GitHub, treat it as public forever: deleting the file in a later commit still leaves it in the git history. Keep secrets in environment variables (a `.env` file that is never committed), and rotate any key that was ever pushed.
1. Weak Algorithms
MD5 and SHA-1 are broken: practical collisions exist for both.
DES and RC4 are broken: DES's 56-bit key can be brute-forced, and RC4's keystream biases leak plaintext.
Fix: Use AES-256 (in an authenticated mode such as GCM) for data and SHA-256 (or better) for hashing.
2. Data in Transit
Sending credit card data over HTTP.
Anyone on the same Wi-Fi (a Starbucks hotspot, say) can read that traffic with a packet sniffer like Wireshark.
Fix: Force HTTPS everywhere and send an HSTS (HTTP Strict Transport Security) header so browsers refuse to fall back to plain HTTP on later visits.
3. Data at Rest
If a hacker steals your database file (SQL Injection or server compromise):
If the Credit Card numbers are plain text -> Game Over.
If they are AES encrypted -> You still have a chance (if the key was stored separately from the database, e.g. in a secret manager or KMS, rather than on the same server).
Field Level Encryption: Don't just encrypt the disk (disk encryption protects a stolen drive, not a running database). Encrypt the specific database column `credit_card_num`.
Password Storage
NEVER encrypt passwords. Hash them with a slow, salted algorithm like bcrypt (hashes start with `$2y$`) or Argon2. Encryption is reversible as soon as the key is stolen; a password hash is one-way, so a leaked table still forces the attacker to guess each password.