V8.3 — Sensitive Private Data
Sensitive Private Data: 8 L3 requirement(s).

V8.3.1: Verify that sensitive data is sent to the server in the HTTP message body or headers, and that query string parameters f...

V8.3.2: Verify that users have a method to remove or export their data on demand.

V8.3.3: Verify that users are provided clear language regarding collection and use of supplied personal information and that use...

... and 5 more.

| Property | Value |
|---|---|
| Section | V8.3 |
| Owner | platform |

Mapped Controls

| Control | Title |
|---|---|
| SID-DATA-06 | PII Field Encryption for User Records |
| SID-PRIV-01 | Minimal Disclosure Enforcement |
| SID-PRIV-03 | Right-to-Erasure Bulk Deletion API |

Source: OWASP Application Security Verification Standard 4.0.3