Skip to main content

Avoid exposing sensitive information


The application must not expose sensitive information in sections that are publicly accessible.


Some applications have sections such as web pages and endpoints that are publicly exposed or do not require an initiated session to be accessed. These sections should contain neither sensitive corporate information nor users' or employees' personal data. Furthermore, corporate sensitive information should not be exposed on personal social network accounts either.