PII Disclosure In Response
What is it?
The response contains Personally Identifiable Information (PII), such as credit card numbers, social security numbers (SSN), and similar sensitive data.
References
Test case FAQs
When is this test case applicable?
This is applicable for all API endpoints when the Baseline security category is enabled in test plans.
How does it work?
Responses from the API server are analyzed for the presence of sensitive information (PII).
What is the solution?
Verify that any PII present in the response is justified by a legitimate business requirement, and ensure that the amount of PII disclosed is limited to what the specific use case of the API endpoint needs.
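The analysis step described under "How does it work?" and the response-minimization advised under "What is the solution?" can both be illustrated with a small scanner. This is an added example, not the scanner's own code: it walks a constructed JSON response, flags candidate card numbers (Luhn-checked to drop order ids and other digit runs) and US SSN patterns, and shows the masking a backend would apply before returning the field.

```python
import json
import re

# Heuristic patterns: 13-19 digits with optional space/dash separators for cards,
# NNN-NN-NNNN (with the invalid-area exclusions) for US SSNs. A real scanner tunes these.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def luhn_valid(candidate: str) -> bool:
    """Luhn check on a separator-stripped digit run; weeds out ids that merely look like cards."""
    digits = re.sub(r"[ -]", "", candidate)
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pii(body: str) -> list:
    """Return (json_path, pii_type, value) for each PII hit in a JSON response body (string values only)."""
    hits = []
    def walk(node, path):
        if isinstance(node, dict):
            for k, v in node.items():
                walk(v, f"{path}.{k}")
        elif isinstance(node, list):
            for i, v in enumerate(node):
                walk(v, f"{path}[{i}]")
        elif isinstance(node, str):
            hits.extend((path, "credit_card", m.group()) for m in CARD_RE.finditer(node) if luhn_valid(m.group()))
            hits.extend((path, "ssn", m.group()) for m in SSN_RE.finditer(node))
    walk(json.loads(body), "$")
    return hits

def redact(body: str) -> str:
    """Mitigation side: keep only the last four card digits and fully mask SSNs before the response leaves."""
    def mask(node):
        if isinstance(node, dict):
            return {k: mask(v) for k, v in node.items()}
        if isinstance(node, list):
            return [mask(v) for v in node]
        if isinstance(node, str):
            node = CARD_RE.sub(lambda m: "*" * (len(m.group()) - 4) + m.group()[-4:] if luhn_valid(m.group()) else m.group(), node)
            return SSN_RE.sub("***-**-****", node)
        return node
    return json.dumps(mask(json.loads(body)))

# Constructed sample response: the order id is a 13-digit run that fails Luhn, the card is a standard test number.
SAMPLE_RESPONSE = json.dumps({
    "order_id": "1234567890123",
    "customer": {"name": "A. Example", "ssn": "123-45-6789"},
    "payment": {"card": "4111 1111 1111 1111", "expiry": "12/29"},
})
```

Running `find_pii(SAMPLE_RESPONSE)` reports the SSN and the card but not the order id; after `redact()` the same scan finds nothing, which is the state a minimized response should be in.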