Sensitive Information Exposure Assertion

Applies to ReadyAPI 3.56, last modified on November 15, 2024

The Sensitive Information Exposure assertion checks whether the last message received exposes sensitive information about the target system. For example, if an error message reveals the database version, an attacker can use that version to look up known security issues in that database and exploit them.

This assertion is applicable to REST, GraphQL, SOAP, and HTTP test steps.

Availability

This assertion is available in multiple ReadyAPI applications. Depending on the application, it validates the following data:

In...              Checks...        To learn more...
Functional tests   The response.    See Working With Assertions in Functional Tests.
Security tests     The response.    See Security Assertions.

Create an assertion

Follow these steps:

Functional test: The Assertions panel

  1. Open a test step.

  2. Click Add assertion.

  3. In the New Assertions dialog, search for the Sensitive Information Exposure assertion or select it manually in the Security category.

Follow these steps:

Security tests: The Assertions panel

  1. Open a security test.

  2. Click Response Assertion next to any scan.

  3. Click in the Assertions panel.

  4. In the New Assertions dialog, search for the Sensitive Information Exposure assertion or select it manually in the Security category.

Setting up properties

  1. To create a sensitive information token, click . Specify the token name and description in the dialogs that follow.

    ReadyAPI: Configuring the Sensitive Information Exposure assertion

    To remove the token from the list, click .

  2. To let the assertion get the project-level sensitive information, select the Include project specific sensitive information configuration check box.

Note: The list of default tokens is available on the Global Sensitive Information Tokens page of Preferences.
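The following is an added illustration, not ReadyAPI's own code, of what the assertion does with the tokens configured above: it matches a global token list plus an optional project-level list against the last response and fails when anything matches. The token patterns, the Finding type and both sample responses are constructed for this example and are not the product's real defaults.

```python
import re
from dataclasses import dataclass

# Constructed token lists standing in for ReadyAPI's global and project-level lists (not real defaults).
GLOBAL_TOKENS = {
    "sql-syntax-error": r"You have an error in your SQL syntax",
    "mysql-version": r"MySQL server version \d+\.\d+",
    "java-stack-frame": r"\bat [\w.$]+\(\w+\.java:\d+\)",
}
PROJECT_TOKENS = {
    "internal-db-host": r"\bdb-[a-z]+-\d+\.corp\.internal\b",
}

@dataclass(frozen=True)
class Finding:
    token: str     # name of the token that matched
    evidence: str  # the response text that triggered it

def find_exposures(response_body, include_project_tokens=True):
    """Return every token match in the last message received; the check box in step 2 maps to include_project_tokens."""
    tokens = dict(GLOBAL_TOKENS)
    if include_project_tokens:
        tokens.update(PROJECT_TOKENS)
    return [Finding(name, m.group(0))
            for name, pattern in tokens.items()
            for m in re.finditer(pattern, response_body)]

def assertion_passes(response_body, include_project_tokens=True):
    """The assertion passes only when no token matches."""
    return not find_exposures(response_body, include_project_tokens)

# Constructed responses, not captured from any real system.
LEAKY_RESPONSE = (
    "HTTP/1.1 500 Internal Server Error\r\nContent-Type: text/plain\r\n\r\n"
    "You have an error in your SQL syntax; check the manual that corresponds "
    "to your MySQL server version 5.7.33 for the right syntax\n"
    "    at com.example.dao.UserDao.find(UserDao.java:42)\n"
    "connection: db-prod-01.corp.internal\n"
)
CLEAN_RESPONSE = (
    "HTTP/1.1 400 Bad Request\r\nContent-Type: application/json\r\n\r\n"
    '{"error": "invalid request", "id": "7f3a"}\n'
)

if __name__ == "__main__":
    for f in find_exposures(LEAKY_RESPONSE):
        print(f"FAIL [{f.token}]: {f.evidence}")
    print("clean response passes:", assertion_passes(CLEAN_RESPONSE))
```

Clearing the project-level check box drops only the project token, so the same leaky response still fails on the global tokens; a sanitized error body passes.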

See Also

Security Assertions
Weak Password Assertion
Sensitive Files Exposure Assertion
Cross Site Scripting Assertion
Basic Authorization Assertion