Applying OWASP 2017: Mitigating Sensitive Data Exposure