Ethical hacking · Interview Question

During testing you find sensitive data in responses. What is the right way to handle evidence and disclosure?

Detailed answer, explanation and code for this interview question. Ideal for Ethical hacking interview preparation, coding rounds and viva questions.

Difficulty: HardType: Subjective

Problem Statement

During testing you find sensitive data in responses. What is the right way to handle evidence and disclosure?

Explanation

Stop and minimize exposure. Save only the smallest proof that shows the risk, and redact anything not needed. Use a secure vault for evidence with access logs. Note exact time, request, and response so the team can reproduce. Report quickly to the authorized contact, explain the impact in plain words, and propose a short term containment like response filtering while a proper fix is built.

Code Solution

SolutionRead Only

Evidence log fields: time, endpoint, user role, request id, minimal redacted sample

Practice Sets

This question appears in the following practice sets:

API Hacking

Next Question

More from Ethical hacking

Master Ethical hacking with our complete collection of questions, tutorials and guides.

Browse Subject View All Questions

Mobile App Now Available

Master Interviews
Anywhere, Anytime

Get the Preplance app for a seamless learning experience. Practice offline, get daily streaks, and stay ahead with real-time interview updates.

Get it on

Google Play

4.9/5 Rating on Store

During testing you find sensitive data in responses. What is the right way to handle evidence and disclosure?

Problem Statement

Explanation

Code Solution

Practice Sets

Related Questions

Why is a written scope and Rules of Engagement mandatory before any ethical hacking test?

Which ordering matches the common PTES workflow?

In ethical hacking, what does “without authorization” generally imply for legality?

What is the purpose of a Safe Harbor clause in a vulnerability disclosure or bounty program?

Which activity is typically out of scope for standard penetration tests unless explicitly allowed?

More from Ethical hacking

Master Interviews
Anywhere, Anytime

During testing you find sensitive data in responses. What is the right way to handle evidence and disclosure?

Problem Statement

Explanation

Code Solution

Practice Sets

Related Questions

Why is a written scope and Rules of Engagement mandatory before any ethical hacking test?

Which ordering matches the common PTES workflow?

In ethical hacking, what does “without authorization” generally imply for legality?

What is the purpose of a Safe Harbor clause in a vulnerability disclosure or bounty program?

Which activity is typically out of scope for standard penetration tests unless explicitly allowed?

More from Ethical hacking

During testing you find sensitive data in responses. What is the right way to handle evidence and disclosure?

Problem Statement

Explanation

Code Solution

Practice Sets

Related Questions

Why is a written scope and Rules of Engagement mandatory before any ethical hacking test?

Which ordering matches the common PTES workflow?

In ethical hacking, what does “without authorization” generally imply for legality?

What is the purpose of a Safe Harbor clause in a vulnerability disclosure or bounty program?

Which activity is typically out of scope for standard penetration tests unless explicitly allowed?

More from Ethical hacking

Master Interviews Anywhere, Anytime

During testing you find sensitive data in responses. What is the right way to handle evidence and disclosure?

Problem Statement

Explanation

Code Solution

Practice Sets

Related Questions

Why is a written scope and Rules of Engagement mandatory before any ethical hacking test?

Which ordering matches the common PTES workflow?

In ethical hacking, what does “without authorization” generally imply for legality?

What is the purpose of a Safe Harbor clause in a vulnerability disclosure or bounty program?

Which activity is typically out of scope for standard penetration tests unless explicitly allowed?

More from Ethical hacking

Master Interviews
Anywhere, Anytime