Do we really need to encrypt password before sending it to API despite we have encryption and decryption already implemented in Web-API level which does same while login authentication.
Hi,
Good question.
Based on our experience, when doing penetration test, this always got highlighted (Using BURP Suite, the data can be retrieve), so we always use cryptoJS for this.
Thanks
Hello Gaurav Jain,
In my opinion there is no such thing as too much security. If you can provide a higher level of security by adding a layer of encryption I believe its always worth it.
Best of luck ,
Paulo Rosário