ASVS Requirement 14.2.6
- Level: 3
- Chapter: V14 Data Protection
- Section: V14.2 General Data Protection
- Source: 0x23-V14-Data-Protection.md
Description
Verify that the application only returns the minimum required sensitive data for the application's functionality. For example, only returning some of the digits of a credit card number and not the full number. If the complete data is required, it should be masked in the user interface unless the user specifically views it.
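One way to apply this requirement on the server side, shown as an added example that is not part of the ASVS text: the response is built from an allow-list of fields, the card number is masked by default, and the full number is returned only when the user explicitly asks to view it. The record layout, the field names, the `reveal_pan` flag and the sample card are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class StoredCard:
    """Server-side record (constructed for this example)."""
    card_id: str
    holder_name: str
    pan: str               # full card number, never serialized by default
    expiry: str
    billing_address: str


# Allow-list of fields the card-list screen needs (assumed UI requirement).
# Anything not named here stays on the server.
CARD_LIST_FIELDS = ("card_id", "expiry")


def mask_pan(pan: str, visible: int = 4) -> str:
    """Keep only the last `visible` digits; hide everything else."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    if len(digits) <= visible:
        return "*" * len(digits)   # too short to mask partially: show nothing
    return "*" * (len(digits) - visible) + digits[-visible:]


def serialize_card(card: StoredCard, reveal_pan: bool = False) -> dict:
    """Build the API response from the allow-list, not from the whole record."""
    body = {name: getattr(card, name) for name in CARD_LIST_FIELDS}
    if reveal_pan:
        # Only reached when the user explicitly asked to view the number.
        body["pan"] = card.pan
    else:
        body["pan_masked"] = mask_pan(card.pan)
    return body


# Constructed sample record using a well-known test card number.
SAMPLE_CARD = StoredCard(
    card_id="card_001", holder_name="A. Example", pan="4111111111111111",
    expiry="12/30", billing_address="1 Example Street",
)

if __name__ == "__main__":
    print(serialize_card(SAMPLE_CARD))                    # masked default view
    print(serialize_card(SAMPLE_CARD, reveal_pan=True))   # explicit reveal
```

Masking in the serializer rather than in the client means the full number never reaches the browser unless the reveal path is taken.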