Skip to main content

Avoid exposing sensitive information

Summary

The application must not expose sensitive information in sections that are publicly accessible.

Description

Some applications have sections such as web pages and endpoints that are publicly exposed or do not require an initiated session to be accessed. These sections should contain neither sensitive corporate information nor users or employees personal data. Furthermore, corporate sensitive information should not be exposed on personal social network accounts either.

Supported In

This requirement is verified in following services:

PlanSupported
Machine๐Ÿ”ด
Squad๐ŸŸข
One-Shot๐ŸŸข

References

Vulnerabilities