Test all browser based
Data Fact: Web based data leaks happen through
browser http "post", "file upload", or "get".
This site is for testing and tuning of DLP, CASB, and UEBA
For Compliance and Data Security; test your policies and
controls as required by most standards: to test & tune as part
of a continuous improvement model.
The below tests challenge the ability for an organization to prevent and detect
sensitive data leaks.
The most trusted DLP test site since 2011
Most data leaks are sourced
from Shadow IT or personal file storage, personal email,
and personal chat apps. This type of leakage is what we test
for on this site.
The other cause of large
data breaches is ransomware and data stealing malware
that executes as the user. The large majority of these
threats come through fraudulent email. Test email fraud
Another is a direct attack
on cloud apps or physical infrastructure
attack is risky and difficult for an attacker and
By preventing your data
from going to unknown destinations on the web you can
prevent shadow IT and data misuse. Use this site to test
all of the different ways data can be leaked to an
There are 2 major ways data
1) Internal Theft (Users being users)
a. Sending Data where it should not go
into sending Data where it should not go
2) External theft (Bad
people being bad)
Attacking the user (see item 1)
As outlined above, data risk is mostly from users and sometimes
"bad actors". The bottom line is; if you can prevent an "insider" from misusing the data then an attacker
or malware will also be under the same data constraints
Federal agencies and
Enterprises of all sizes use this site to test the ability to
leak or exfiltrate sensitive data by uploading data out to
This site is also used
by these agencies for mandatory DLP solution validation
for Governance, Risk, and Compliance (GRC) frameworks
such as: HIPAA, PCI DSS, ISO 27002, NIST 00-53, CIS CSC
Top 20, COBIT5, ITIL, FERC/ NERC, NIPSOM, and UL 2900.
The site is also
popular for proof of concept (POC) / product evaluations to
compare efficacy of competing solutions
like Symantec, McAfee, Digital Guardian, Forcepoint, Fidelis to
name some of the most popular.
The tests on this site
challenges the ability for an organization to prevent and detect
sensitive data leaks.
The most common data exfitration
methods are: user error, unsecure business processes, shadow IT,
insider threats, IOT, compromised assets, malware & bot based