spec checked
OWASP MASTG: Checking for Sensitive Data Disclosure Through the User Interface
Supports testing whether application UI components disclose sensitive information, including values that should be protected from unnecessary display or leakage.
Pattern Decisions This Source Supports
| Pattern | Supported decision | Required contract | Claim note |
|---|---|---|---|
| Sensitive-data reveal | Choose sensitive-data reveal when a normally masked or redacted value needs a deliberate temporary reveal, hide, peek, copy, partial reveal, reauthentication, or audited access path. | The value is masked by default unless the user is actively entering it and the platform-specific control intentionally permits display. | Supports checking whether sensitive information is disclosed through application UI components. |
Evidence Role
This source is treated as spec evidence. Use it to validate the decision rules above, not as a visual style reference.
Publisher: OWASP Foundation. Last checked: .