The application must not expose sensitive information on sections
that are publicly accessible.
Some applications have sections such as web pages and endpoints that are
publicly exposed or do not require an initiated session to be accessed.
These sections should contain neither sensitive corporate information nor
users' or employees' personal data.
Furthermore, corporate sensitive information should not be exposed on personal
social network accounts either.