Information Leakage is when a web site reveals sensitive data, such as developer comments or error messages, which may aid an attacker in exploiting the system. Sensitive information may be present within HTML comments, error messages, source code, or simply left in plain sight. There are many ways a web site can be coaxed into revealing this type of information. While leakage does not necessarily represent a breach in security, it does give an attacker useful guidance for future exploitation. Leakage of sensitive information may carry various levels of risk and should be limited whenever possible.
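An added example (not part of the original page): a defensive check that scans a response body for the two leak sources named above, developer comments and error messages. The keyword list, error signatures and sample HTML are constructed assumptions, not a standard rule set.

```python
import re
from html.parser import HTMLParser

# Constructed heuristics (assumptions for illustration; tune per application).
COMMENT_HINTS = re.compile(r"\b(todo|fixme|password|passwd|secret|api[_-]?key|token|debug)\b", re.I)
ERROR_SIGNATURES = {
    "python traceback": re.compile(r"Traceback \(most recent call last\)"),
    "java stack trace": re.compile(r"^\s*at [\w.$]+\([\w.]+:\d+\)", re.M),
    "sql error": re.compile(r"SQL syntax|ORA-\d{5}|SQLSTATE\[", re.I),
    "filesystem path": re.compile(r"(?:/var/www|/home/\w+|[A-Z]:\\inetpub)[^\s<\"']*"),
}

class _Collector(HTMLParser):
    """Separates HTML comments from visible text so each is checked on its own."""
    def __init__(self):
        super().__init__()
        self.comments, self.text = [], []
    def handle_comment(self, data):
        self.comments.append(data.strip())
    def handle_data(self, data):
        self.text.append(data)

def audit_response(body):
    """Return (kind, evidence) findings for one response body, comments first."""
    parser = _Collector()
    parser.feed(body)
    parser.close()
    findings = [("html comment", c[:60]) for c in parser.comments if COMMENT_HINTS.search(c)]
    visible = "".join(parser.text)
    for kind, rx in ERROR_SIGNATURES.items():
        m = rx.search(visible)
        if m:
            findings.append((kind, m.group(0)[:60]))
    return findings

# Constructed sample response: one revealing comment, one harmless comment, one verbose error.
SAMPLE = """<html><body>
<!-- TODO: remove test login admin before launch -->
<!-- navigation -->
<h1>Error</h1>
<pre>Traceback (most recent call last):
  File "/var/www/app/views.py", line 42, in checkout
</pre>
</body></html>"""

if __name__ == "__main__":
    for kind, evidence in audit_response(SAMPLE):
        print(f"{kind}: {evidence}")
```

Running a check like this over staging responses before release catches comments and stack traces that should be stripped or replaced with generic error pages.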

