
Avoid exposing sensitive information

Summary

The application must not expose sensitive information in sections that are publicly accessible.

Description

Some applications have sections, such as web pages and endpoints, that are publicly exposed or that can be accessed without an initiated session. These sections should contain neither sensitive corporate information nor users' or employees' personal data. Furthermore, sensitive corporate information should not be exposed on personal social network accounts either.

Supported In

This requirement is verified in the following services:

Plan | Supported
Essential | 🔴
Advanced | 🟢

References

Vulnerabilities
