How to Prevent Information Disclosure
- Make sure all developers are aware of what is considered sensitive information
- Audit any code for potential information disclosure as part of the QA/build process
- Use generic error messages as much as possible
- Double-check that debugging and diagnostics features are disabled in the prod environment
- Make sure you fully understand security implications of third party software