Application Security Terminology

Glossary

Information Leakage

Did You Know? There is a 37% likelihood that your website is vulnerable to Information Leakage

READ STATS REPORT

Information leakage allows an application to reveal sensitive data such as technical details of the application, developer comments, environment, or user-specific data. This sensitive data may then be used by an attacker to exploit the target application, its hosting network, or its users. 

Information leakage, in its most common form, is the result of one or more of the following conditions: a failure to scrub out HTML/script comments containing sensitive information; improper application or server configurations; or differences in page responses for valid vs. invalid data.

Sensitive information may be present within HTML comments, error messages, source code, or simply left in plain sight, and there are many ways a website can be coaxed into revealing this type of information. While Information Leakage doesn't necessarily represent a breach in security, it does give an attacker useful guidance for future exploitation.