Skip to main content

Avoid exposing sensitive information

Requirement#

The application must not expose sensitive information in sections that are publicly accessible.

Description#

Some applications have sections such as web pages and endpoints that are publicly exposed or do not require an initiated session to be accessed. These sections should contain neither sensitive corporate information nor users' or employees' personal data. Furthermore, corporate sensitive information should not be exposed on personal social network accounts either.

References#