Skip to main content

Avoid exposing sensitive information


The application must not expose sensitive information in sections that are publicly accessible.


Some applications have sections such as web pages and endpoints that are publicly exposed or do not require an initiated session to be accessed. These sections should contain neither sensitive corporate information nor users or employees personal data. Furthermore, corporate sensitive information should not be exposed on personal social network accounts either.

Supported In

This requirement is verified in following services




free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.