
PII Disclosure In Response

What is it?

The response contains Personally Identifiable Information (PII), such as credit card numbers, social security numbers (SSN), and similar sensitive data.

Test case FAQs

When is this test case applicable?

This is applicable for all API endpoints when the Baseline security category is enabled in test plans.

How does it work?

Responses from the API server are analyzed for the presence of sensitive information (PII).
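As an added illustration of this kind of response analysis (example code, not the scanner's own implementation), the following scans an API response body for credit card numbers and US SSNs. It uses a Luhn check to discard random digit runs such as order or tracking ids, excludes structurally invalid SSN ranges, and masks every hit so the scanner's own output does not re-disclose the data. The sample response is constructed.

```python
import json
import re

# Constructed sample API response body (not from any real system).
SAMPLE_RESPONSE = json.dumps({
    "user": {"id": 42, "name": "Example User"},
    "payment": {"card": "4111 1111 1111 1111", "last4": "1111"},
    "tax": {"ssn": "123-45-6789"},
    "order": {"tracking": "1234567890123"},  # 13 digits but fails Luhn: must not be flagged
})

# 13 to 19 digit runs, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# SSN layout with structurally invalid ranges (000/666/9xx area, 00 group, 0000 serial) excluded.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum; rejects most random digit runs such as order or tracking ids."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def masked(value: str) -> str:
    """Keep only the last four digits so scanner output never repeats the PII itself."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]


def find_pii(body: str) -> list[tuple[str, str]]:
    """Return (category, masked value) for each credit card number or SSN in a response body."""
    findings = []
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            findings.append(("credit_card", masked(digits)))
    for m in SSN_RE.finditer(body):
        findings.append(("ssn", masked(m.group(0))))
    return findings


if __name__ == "__main__":
    for category, value in find_pii(SAMPLE_RESPONSE):
        print(f"{category}: {value}")
```

Each finding still has to be reviewed against the endpoint's business purpose; the detector only tells you where to look.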

What is the solution?

Verify that any PII present in the response is justified by a legitimate business requirement, and limit the PII disclosed in the response to the minimum needed for the specific use case of the API endpoint.