Sensitive data handling in scan logs
Invicti masks sensitive data before it is written to scan log files. This page describes which types of sensitive data are masked and which log areas are covered.
Sensitive data types that are masked
The following types of sensitive data are masked in scan logs:
- Form Authentication passwords
- Header Authentication values
- Sensitive header values (matched by regex: proxy-authorization, x-api-key, authorization, location)
Log areas where masking is applied
The sensitive data types listed above are masked across the following log areas:
- Request URLs, console messages, NTLM credential URLs, and error messages in browser intercept logs
- URIs in link pool logging (added, crawled, and error links)
- Login page URLs, cookies, page content, OAuth2 tokens, frame navigation URLs, and request data
- HAR file URLs, headers (sensitive only), query string values, and POST data
- Script content in logs and OAuth2 access tokens
- Target URIs during DOM XSS scanning
- Request/response URIs in proxy logs
- URIs in pre/post request script logging
- URI handling in quarantine system
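As an added illustration, not Invicti's own code, the following Python filter applies the same rules to one HAR entry before it is written to a log: header values are masked by header name using the regex list above, and known secrets (a form-authentication password, a header-authentication value) are replaced in the URL, query string values and POST data, in raw and percent-encoded form. The header regex, the sample HAR entry and the `mask_har_entry` helper are constructed for this example.

```python
import copy
import re
from urllib.parse import quote

MASK = "***"
# Header names the page lists as sensitive, matched case-insensitively.
# Constructed for this example; not Invicti's own pattern.
SENSITIVE_HEADER_RE = re.compile(
    r"^(proxy-authorization|x-api-key|authorization|location)$", re.IGNORECASE)

def mask_secrets(text, secrets):
    """Replace known secrets (form-auth passwords, header-auth values), raw or percent-encoded."""
    for secret in secrets:
        if not secret:
            continue  # an empty secret would match everywhere
        for form in (secret, quote(secret, safe="")):
            text = text.replace(form, MASK)
    return text

def mask_header_list(headers):
    """Mask the value of each HAR-style {name, value} header whose name is sensitive."""
    return [{"name": h["name"],
             "value": MASK if SENSITIVE_HEADER_RE.match(h["name"]) else h["value"]}
            for h in headers]

def mask_har_entry(entry, secrets=()):
    """Return a masked deep copy of one HAR entry; only the copy written to the log is redacted."""
    e = copy.deepcopy(entry)
    req, resp = e.setdefault("request", {}), e.setdefault("response", {})
    req["url"] = mask_secrets(req.get("url", ""), secrets)
    req["queryString"] = [{"name": q["name"], "value": mask_secrets(q["value"], secrets)}
                          for q in req.get("queryString", [])]
    req["headers"] = mask_header_list(req.get("headers", []))
    resp["headers"] = mask_header_list(resp.get("headers", []))
    if "text" in req.get("postData", {}):
        req["postData"]["text"] = mask_secrets(req["postData"]["text"], secrets)
    return e

# Constructed sample HAR entry for a form login; not a real capture.
SAMPLE_ENTRY = {
    "request": {
        "url": "https://target.example/login?user=alice&password=p%40ss",
        "queryString": [{"name": "user", "value": "alice"},
                        {"name": "password", "value": "p%40ss"}],
        "headers": [{"name": "Authorization", "value": "Bearer abc123"},
                    {"name": "Accept", "value": "text/html"}],
        "postData": {"text": "user=alice&password=p%40ss"},
    },
    "response": {"headers": [{"name": "Location", "value": "https://target.example/home?sid=42"}]},
}
```

Masking by exact substring is only as good as the list of known secrets; the header-name rule is what catches values the scanner did not supply itself, such as a server-issued Location.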