Sensitive Information in URL


Description

The application passes sensitive information in the URL when requests are made to the server. URLs may be stored in browser history, proxy logs, server logs, and security device logs, among other places, potentially exposing the data to attackers with access to those locations.
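One way to check for this exposure in server logs, as an added example that is not part of the original page: the script below scans access log entries for query parameters with sensitive-looking names and rewrites the entries with those values redacted. The parameter-name pattern, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumed parameter names treated as sensitive; tune per application.
SENSITIVE = re.compile(
    r"(?:^|[_\-.])(password|passwd|pwd|token|secret|api[_-]?key|sessionid|session|ssn)$",
    re.I)
# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample entries (documentation IP range, made-up values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /login?user=alice&password=hunter2 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "POST /login HTTP/1.1" 302 0',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /report?id=7&sessionid=abc123 HTTP/1.1" 200 2048',
]

def sensitive_params(target):
    """Return the names of query parameters in a request target that look sensitive."""
    query = urlsplit(target).query
    return [name for name, _ in parse_qsl(query, keep_blank_values=True)
            if SENSITIVE.search(name)]

def redact_target(target):
    """Return the request target with the values of sensitive parameters replaced."""
    parts = urlsplit(target)
    pairs = [(name, "REDACTED" if SENSITIVE.search(name) else value)
             for name, value in parse_qsl(parts.query, keep_blank_values=True)]
    return parts._replace(query=urlencode(pairs)).geturl()

def audit(lines):
    """Return (findings, cleaned): flagged entries and the log with values redacted."""
    findings, cleaned = [], []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        names = sensitive_params(match["target"]) if match else []
        if names:
            findings.append((number, match["method"], names))
            start, end = match.span("target")
            line = line[:start] + redact_target(match["target"]) + line[end:]
        cleaned.append(line)
    return findings, cleaned

if __name__ == "__main__":
    for number, method, names in audit(SAMPLE_LOG)[0]:
        print(f"line {number}: {method} request exposes {', '.join(names)} in the URL")
```

The POST entry is not flagged because its credentials travel in the request body, which a standard access log does not record.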


 
