Fluid Attacks logo
Contact Us
Young hacker smiling
Zero false positives

Expert intelligence + effective automation

Contact logo Contact Us

REQ.183 Delete sensitive data securely

This document contains the details of the security requirements related to definition and management of sensitive data in the organization. This requirement establishes the importance of removing sensitive data securely when they are no longer required to avoid information leakages.


System must support the secure removal of sensitive data when they are no longer required, so that they can not be recovered.


  1. OWASP-ASVS v3.1-9.6 Verify that there is a method to remove each type of sensitive data from the application at the end of the required retention policy.

  2. OWASP-ASVS v3.1-9.11 Verify that sensitive information maintained in memory is overwritten with zeros as soon as it no longer required, to mitigate memory dumping attacks.

Service status - Terms of Use