I will say, though, that the type of data that is considered "sensitive" changes. For example, marketing websites usually have a location where the public can view press releases. With many of these websites, when you view the press release and look at the URL will see something similar to this:
A common vulnerability that can exist here is that an attack can gain access to the press release before it is released to the public by just incrementing the ID in the URL, e.g., http://marketingsite.com/pressrelease.aspx?id=24, which although not public yet can now be viewed. I don't have to explain to you the impact of what that can cause.
Dig Deeper on Software Security Test Best Practices
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.