Sensitive Information Exposure Assertion

The Sensitive Information Exposure assertion checks whether the last message received exposes sensitive information about the target system. For example, if an error message in the response gives away the database version, an attacker can use this information to exploit known database security issues.

Important

This assertion is applicable to REST, GraphQL, SOAP, and HTTP test steps.

Availability

This assertion is available in multiple ReadyAPI applications. Depending on the application, it validates the following data:

| In... | Checks... | To learn more... |
|---|---|---|
| Functional tests | The response. | See Working With Assertions in Functional Tests. |
| Security tests | The response. | See Security Assertions. |

Create an assertion

Setting up properties

  1. To create a sensitive information token, click the add icon. Specify the token name and description in the subsequent dialogs.

    Figure: ReadyAPI: Configuring the Sensitive Information Exposure assertion

    To remove a token from the list, click the remove icon.

  2. To let the assertion get the project-level sensitive information, select the Include project specific sensitive information configuration check box.

Note: The list of default tokens is available on the Global Sensitive Information Tokens page of Preferences.
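The check this assertion performs can be reproduced outside ReadyAPI to see how token lists behave. The following is an added example, not ReadyAPI code: the token lists, function names and sample responses are constructed, and treating each token as a case-insensitive regular expression is an assumption of this sketch.

```python
import re

# Constructed default tokens (pattern -> description); not ReadyAPI's built-in list.
GLOBAL_TOKENS = {
    r"(MySQL|MariaDB|PostgreSQL)\s+\d+(\.\d+)+": "Database product and version",
    r"ORA-\d{5}": "Oracle error code",
    r"Traceback \(most recent call last\)": "Python stack trace",
    r"at [\w.$]+\([\w$]+\.java:\d+\)": "Java stack frame",
}

# Constructed project-level tokens, merged in only when the caller opts in,
# mirroring the "Include project specific..." check box.
PROJECT_TOKENS = {
    r"internal-db-\d+\.example\.test": "Internal host name",
}


def find_exposures(response_text, custom_tokens=None, include_project=False):
    """Return sorted (pattern, description, matched_text) tuples for every hit."""
    tokens = dict(GLOBAL_TOKENS)
    if include_project:
        tokens.update(PROJECT_TOKENS)
    tokens.update(custom_tokens or {})
    hits = []
    for pattern, description in tokens.items():
        match = re.search(pattern, response_text, re.IGNORECASE)
        if match:
            hits.append((pattern, description, match.group(0)))
    return sorted(hits)


def assert_no_exposure(response_text, **kwargs):
    """Raise AssertionError when the response contains any configured token."""
    hits = find_exposures(response_text, **kwargs)
    if hits:
        details = "; ".join(f"{desc}: {text!r}" for _, desc, text in hits)
        raise AssertionError(f"Sensitive information exposed: {details}")


# Constructed sample responses: one leaks a database version and a host name.
LEAKY_RESPONSE = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Content-Type: application/json\r\n\r\n"
    '{"error": "connection failed: PostgreSQL 13.4 on x86_64-pc-linux-gnu", '
    '"node": "internal-db-02.example.test"}'
)
CLEAN_RESPONSE = (
    "HTTP/1.1 500 Internal Server Error\r\n\r\n"
    '{"error": "Internal error", "id": "a1b2"}'
)
```

With only the default tokens the leaky response fails on the database version; enabling the project-level list also flags the internal host name.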
