Releases: May 2025

Configurable Data Exposure Analyzer

With the Configurable Data Exposure Analyzer, you define the rules—Aptori enforces them, catching every instance of sensitive data exposure before it reaches production

Description:
The Configurable Data Exposure Analyzer lets teams define and enforce custom rules for detecting sensitive data exposure in API responses. Built into Aptori’s scanning engine, the analyzer applies user-specified patterns to identify when confidential fields, such as PII, credentials, or financial data, are returned to a client, helping prevent data leaks before they reach production.

Because the detection logic is tailored to your own definition of “sensitive,” findings are more precise and relevant than those produced by generic pattern matching.

How It Works:

  • User-Specified Patterns
    Each rule is defined as a pair of regular expressions:
      • Field Pattern – matches the field name (e.g., "email", "ssn")
      • Value Pattern – matches the value contents (e.g., "@company.com", numeric formats)
    A finding is reported only if both patterns match the same field-value pair.
  • Unauthenticated vs. Authenticated Responses
      • By default, the analyzer reports data leaks only in unauthenticated API responses.
      • Set reportAuthenticated: true to also catch leaks in authenticated contexts.
  • Seamless Integration
    Add the DataExposure analyzer to your Aptori scan configuration. Findings appear directly in merge requests or in the Aptori dashboard, alongside vulnerability and logic-flaw reports.
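To make the rule model concrete, here is an added example (not Aptori's code, and not its configuration syntax, which the page does not show) of a small checker that implements the two points above: a finding fires only when a field-name regex and a value regex both match the same field-value pair, and rules apply to authenticated responses only when their reportAuthenticated flag is set. The rule names, the JSON walker, the redaction helper and the sample API response are all constructed for this illustration.

```python
import json
import re
from dataclasses import dataclass
from typing import Any, Iterator, List, Tuple


@dataclass(frozen=True)
class ExposureRule:
    """One data-exposure rule: a field-name regex paired with a value regex.

    Mirrors the field/value pattern pair described above; `report_authenticated`
    models the reportAuthenticated flag (assumed name mapping, not Aptori's API).
    """
    name: str
    field_pattern: str
    value_pattern: str
    report_authenticated: bool = False

    def matches(self, field_name: str, value: Any) -> bool:
        # Field names are matched case-insensitively; values are compared as text
        # so numeric fields (e.g. card numbers stored as ints) are also covered.
        text = value if isinstance(value, str) else json.dumps(value)
        return (
            re.search(self.field_pattern, field_name, re.IGNORECASE) is not None
            and re.search(self.value_pattern, text) is not None
        )


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str      # JSONPath-style location of the leaking field
    value: str     # redacted, so the report itself does not re-expose the data


def walk(node: Any, path: str = "$") -> Iterator[Tuple[str, str, Any]]:
    """Yield (json_path, field_name, value) for every leaf in a JSON body."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from walk(child, f"{path}.{key}")
    elif isinstance(node, list):
        for index, child in enumerate(node):
            yield from walk(child, f"{path}[{index}]")
    else:
        field_name = path.rsplit(".", 1)[-1].split("[")[0]
        yield path, field_name, node


def redact(value: Any) -> str:
    """Keep only the first and last two characters of a matched value."""
    text = str(value)
    if len(text) <= 4:
        return "*" * len(text)
    return text[:2] + "*" * (len(text) - 4) + text[-2:]


def analyze(body: Any, rules: List[ExposureRule], authenticated: bool) -> List[Finding]:
    """Apply every rule to every field-value pair of an API response body."""
    findings: List[Finding] = []
    for path, field_name, value in walk(body):
        for rule in rules:
            # Authenticated responses are checked only by rules that opt in.
            if authenticated and not rule.report_authenticated:
                continue
            if rule.matches(field_name, value):
                findings.append(Finding(rule.name, path, redact(value)))
    return findings


# Constructed rule set for the example (hypothetical names and patterns).
RULES = [
    ExposureRule("corporate-email", r"e?mail", r"@company\.com$"),
    ExposureRule("ssn", r"ssn|social", r"^\d{3}-\d{2}-\d{4}$", report_authenticated=True),
    ExposureRule("api-key", r"key|token|secret", r"^[A-Za-z0-9_-]{32,}$"),
]

# Constructed sample response; no real data.
SAMPLE_RESPONSE = {
    "users": [
        {"id": 1, "email": "alice@company.com", "ssn": "123-45-6789"},
        {"id": 2, "email": "bob@example.org", "ssn": "987-65-4321"},
    ],
    "apiKey": "abcd" * 8 + "0123",
}


if __name__ == "__main__":
    for label, authenticated in (("unauthenticated", False), ("authenticated", True)):
        print(f"--- {label} response ---")
        for finding in analyze(SAMPLE_RESPONSE, RULES, authenticated):
            print(f"{finding.rule:16} {finding.path:22} {finding.value}")
```

Note how bob@example.org produces no finding even though the field name "email" matches: the value pattern must match as well, which is what keeps the rule from flagging every e-mail address. In the authenticated run only the ssn rule reports, because it is the only rule that opted in.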

Where to Find It:
Configure under Scan Configuration → Analyzers → DataExposure in the Aptori platform. Patterns can be reused from the Patterns library.

Who Can Use It:
Available to users with permissions to configure analyzers and testing rules. Ideal for AppSec engineers, compliance teams, and developers working on data-sensitive systems.