Visible sensitive data (PII/other)

Suggest Edits

It is sometimes common to include PII in tests, data files and through certain integration systems. However it is best practice to mask these, or not use PII at all in these occasions.

We have found some visible sensitive data.

Problem

We have found visible sensitive data in app configuration file, history file, stored plainly, in code, infrastructure, or configuration repository.

Fix

Delete and remove private data from code, infrastructure, tests, and automation projects. If you must, you can synthesize such data using libraries like:

Faker
faker (ruby)
faker (python)

See

NIST 800-122 on PII

Updated over 1 year ago