Leak Test

DataLeakTest

DLP Validation and Testing

please contribute by turning off ad blockers for this site

Your public IP address is: 18.232.186.117; more info

Updated 3/10/2020

SSL is: on ; more info

Data Loss Prevention (DLP) Get WebForm Data Self Test

Built by Engineers for Engineers

This page is used to test data leakage out to the web using the Get method. Read below for more info.

DLP for O365, Gmail, Box, DropBox, OneDrive, Gdrive, Teams, Slack and more!

1) Select SSL OFF or SSL ON (currently on)

2) Insert data into the box below and then click "GET TEST" to attempt leakage

2) A results page will display any data leaked

*Function: data is loaded into DataLeakTest.com web server memory then displayed on the results page as part of the URL. The data is not retained when your session ends.

sample-data.csv sample-data.pdf sample-data.xls Page

SSL is on ; it is much more challenging for Data Security tools to detect a leak over SSL.

Turn SSL OFF

Turn SSL ON

How to use this page (3 min)

Data Security testing: use this site to test controls that trigger security functions

Enterprise DLP testing: visit this page from inside your enterprise to test for data leakage policy compliance.

Endpoint DLP testing: visit this page from any corporate computing device to test detection and prevention of Endpoint DLP solutions.

Cloud Data Theft testing: visit this page from your cloud database server to test the ability to leak test data -simulating mass data exfiltration or abnormal data behavior.

CASB: in full cloud proxy deployments this site can be used to test advanced CASB DLP capabilities.

GET is the least common method used to leak data over web page forms. Social media sites, blogs, forums, some web based email forms, as well as botnet/ back door, malware phone home, and data theft tools can use this method to "exfiltrate" or steal data.s

GET is a method of upload from a web page form where the page variables (form data) are pulled from server. In this case when the "Submit" button is pushed the variables/ data are pulled from the server to be used to build the content of the following page. If the Data Security product worked a block page will be displayed. If the page displays showing your data then the data was successfully leaked to the world.

* Network based Data Security tools usually do not detect this method because of the overhead associated with looking at every GET request. A GET request is made every time the browser calls a page or site. Typically the GET is used by the browser to retrieve content and POST is used to send data to the web server from the browser.

This page demonstrates that the GET method can be used to steal data and get around network-based security devices. GET over HTTPS (SSL) usually can get through all security tools even if the tool can inspect HTTPS (SSL). Endpoint based Data Security tools are best suited for detecting data leaks that leverage the GET style of upload.

**Data posted through the "GET" form is not collected or stored

---ads here to fund our site, please turn ad blockers off---

Donate to help build free tools: donations help to pay the bills

---ads here to fund our site, please turn ad blockers off---

Free expert DLP help from top experts

Have data security questions? Want expert advice? Just want to say hello or give suggestions?

Please use the form to instantly message our team.

---ads here to fund our site, please turn ad blockers off---

2020 IGNITE Cyber Security