--> An HTTP response from a web application can sometimes contain sensitive information such as credit card numbers or bank account details.
--> ASM can prevent that exposure by masking the sensitive data in, or blocking, HTTP responses that contain it. This is the Data Guard feature.
--> Enabling Data Guard is one of the items the ASM PCI Compliance report checks; on its own it does not make an application PCI compliant, but it addresses the requirement that cardholder data not be exposed in responses.
--> PCI DSS (Payment Card Industry Data Security Standard) was first released in 2004 by the major card brands to protect cardholder data and reduce payment card fraud.
--> The PCI Security Standards Council maintains the standard; it does not itself audit merchants, which is done by approved assessors or self-assessment depending on the merchant's level.
--> ASM can prevent sensitive data exposure in HTTP responses in two ways:
i) By masking the sensitive data in the HTTP response (the matched characters are replaced with asterisks, the rest of the response is delivered unchanged)
ii) By blocking HTTP responses that contain sensitive data (the client receives the blocking page instead)
--> If the security policy is in Transparent mode, configure masking: a policy in Transparent mode never blocks, so a response containing sensitive data would otherwise reach the client with nothing more than a log entry, whereas masking is still applied in Transparent mode.
--> ASM can also inspect the content of specific file types returned in responses, such as Microsoft Office documents, PDFs, executables, ELF files and other binary files, for sensitive information.
--> If ASM finds sensitive content inside one of those file types it either blocks the HTTP response or raises an alarm, according to the violation's Alarm/Block settings; file content is not masked.
--> By default, once Data Guard is enabled it detects credit card numbers and U.S. Social Security numbers in HTTP responses.
--> To have ASM detect other kinds of sensitive content (account numbers, national ID formats, internal identifiers), add custom patterns (regular expressions) under Data Guard Settings.
--> Content that matches a detector but is not actually sensitive (a placeholder number shown in a form, a documented test value) can be whitelisted with "Exception Patterns" under Data Guard Settings, so it is neither masked nor counted as a violation.
--> By default, Data Guard scans the HTTP responses of all URLs for sensitive information.
--> To scan only particular URLs, set the Data Guard Enforcement Mode to "Enforce URLs in list" and add the URLs whose responses must be scanned; "Ignore URLs in list" does the opposite, scanning everything except the listed URLs.
--> Finally, under Learning and Blocking Settings set Learn/Alarm/Block as required for the "Data Guard: Information leakage detected" violation. Block only takes effect when the policy is in Blocking mode; in Transparent mode the violation is logged and the data is masked (if masking is enabled).
--> Data Guard events can be checked under Security > Event Logs > Application > Requests.
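--> The following is an added example that models the behaviour described above in plain Python; it is not F5 code and does not use any BIG-IP API. It scans a constructed sample response body with two stand-in built-in detectors (credit card numbers validated with a Luhn checksum, dashed U.S. SSNs), one custom pattern (a UK IBAN), one exception pattern (the "000-00-0000" placeholder), an optional enforced-URL list, and either masks the matches or returns a blocking page, recording an event per finding the way the Requests log would. The detector regexes, the Luhn filter, the blocking page text, the class and function names and the sample body are all this example's own assumptions about how ASM behaves, not its actual implementation.

```python
import re
from dataclasses import dataclass, field

# Constructed stand-ins for the two built-in detectors; ASM's real patterns are not published.
BUILTIN_PATTERNS = {
    "credit_card": re.compile(r"\b\d(?:[ -]?\d){12,15}\b"),  # 13-16 digits, optional separators
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),             # US SSN, dashed form
}

# Constructed stand-in for the text of ASM's blocking page.
BLOCK_PAGE = "The requested URL was rejected. Please consult with your administrator."


def luhn_ok(candidate: str) -> bool:
    """Luhn checksum over the digits of a candidate card number; filters out order
    numbers and other digit runs that merely look like a PAN (assumed behaviour)."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(text: str) -> str:
    """Replace every letter/digit with '*', keeping separators so the layout survives."""
    return "".join("*" if c.isalnum() else c for c in text)


@dataclass
class DataGuardPolicy:
    mode: str = "mask"                                      # "mask" (safe in Transparent mode) or "block"
    custom_patterns: dict = field(default_factory=dict)     # name -> compiled regex
    exception_patterns: list = field(default_factory=list)  # compiled regexes to ignore
    enforced_urls: list = field(default_factory=list)       # empty: scan every URL
    events: list = field(default_factory=list)              # what the Requests log would show

    def _excepted(self, text: str) -> bool:
        return any(p.fullmatch(text) for p in self.exception_patterns)

    def inspect(self, url: str, body: str):
        """Return (action, body) where action is 'pass', 'mask' or 'block'."""
        if self.enforced_urls and url not in self.enforced_urls:
            return "pass", body                      # URL not in the enforced list: not scanned
        detectors = {**BUILTIN_PATTERNS, **self.custom_patterns}
        hits = []                                    # (start, end, pattern name)
        for name, rx in detectors.items():
            for m in rx.finditer(body):
                text = m.group(0)
                if name == "credit_card" and not luhn_ok(text):
                    continue                         # digit run that is not a valid PAN
                if self._excepted(text):
                    continue                         # whitelisted by an exception pattern
                hits.append((m.start(), m.end(), name))
        if not hits:
            return "pass", body
        action = "block" if self.mode == "block" else "mask"
        for _, _, name in hits:
            self.events.append({"url": url, "pattern": name, "action": action,
                                "violation": "Data Guard: Information leakage detected"})
        if action == "block":
            return "block", BLOCK_PAGE
        masked = body
        for start, end, _ in sorted(hits, reverse=True):   # right to left keeps offsets valid
            masked = masked[:start] + mask(masked[start:end]) + masked[end:]
        return "mask", masked


# Constructed sample response body: one real-looking PAN, a 13-digit order number
# that fails Luhn, a real-format SSN next to a placeholder, and an IBAN.
SAMPLE_BODY = (
    "<p>Card on file: 4111 1111 1111 1111</p>\n"
    "<p>Order number: 1234567890123</p>\n"
    "<p>SSN: 078-05-1120 (enter as 000-00-0000)</p>\n"
    "<p>IBAN: GB29NWBK60161331926819</p>\n"
)


def example_policy(mode: str = "mask", enforced_urls=None) -> DataGuardPolicy:
    """Policy with one custom pattern (UK IBAN) and one exception (the SSN placeholder)."""
    return DataGuardPolicy(
        mode=mode,
        custom_patterns={"iban": re.compile(r"\bGB\d{2}[A-Z]{4}\d{14}\b")},
        exception_patterns=[re.compile(r"000-00-0000")],
        enforced_urls=list(enforced_urls or []),
    )


if __name__ == "__main__":
    pol = example_policy("mask")
    action, out = pol.inspect("/account", SAMPLE_BODY)
    print(action)
    print(out)
    for ev in pol.events:
        print(ev)
```

Running it in mask mode leaves the order number alone (it fails the Luhn check), leaves the "000-00-0000" placeholder alone (exception pattern), and masks the card number, the SSN and the IBAN while still recording three events; the same policy in block mode returns the blocking page instead of the body, and with `enforced_urls=["/account"]` a response for "/help" is passed through unscanned with no event at all. The one thing the toy does not model is Transparent mode, where the real system would log the violation and mask without ever blocking.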