Protect user data privacy
This document provides details on how our data filtering mechanisms work to protect user privacy in Katalon test case generation.
Protecting user privacy is important to us at Katalon. While our TrueTest Agent tracks user interactions to generate test cases and build a user journey map, we understand that some of this data may be sensitive and could pose privacy concerns. To address this, we have implemented data filtering mechanisms to remove sensitive information before processing the data.
Types of data filtered
Data type | Risk | Example |
---|---|---|
Social security numbers | These are unique identifiers for individuals and can be used for identity theft or fraud if obtained by unauthorized individuals. | 123-45-6789 |
Email addresses | These can contain personal information and can be used for spam or phishing attacks if obtained by unauthorized individuals. | john.doe@email.com |
IPv4 and IPv6 addresses | These can be used to track a user's location or identify their device, which can be a privacy concern for some users. | |
Phone numbers | These can be used for spam or scam calls if obtained by unauthorized individuals. | (123) 456-7890 |
Zip codes | These can be used to infer a user's location and potentially identify them, which can be a privacy concern for some users. | 90210 |
Credit card information | These can be used to make unauthorized transactions, commit identity theft, or engage in financial fraud. | 4242424242424242 02/27 123 |
Passwords | These can be used to gain unauthorized access to accounts, steal sensitive information, and potentially engage in identity theft or fraudulent activities. | |
How data is filtered
TrueTest Agent applies several techniques and methods to remove sensitive data from the captured user interaction data.
Regular expressions
In the beta release of TrueTest, the agent uses regular expressions to filter data.
socialNumber = '^(?!0{3})(?!6{3})[0-8]\d{2}-(?!0{2})\d{2}-(?!0{4})\d{4}$'
simpleEmail = '[^@ \t\r\n]+@[^@ \t\r\n]+\.[^@ \t\r\n]+'
ipv4 = '(\b25[0-5]|\b2[0-4][0-9]|\b[01]?[0-9][0-9]?)(\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}'
ipv6 = '(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))'
phoneNumber = '^[\+]?[(]?[0-9]{3}[)]?[-\s\.]?[0-9]{3}[-\s\.]?[0-9]{4,6}$'
zipCode = '/^[0-9]{5}(?:-[0-9]{4})?$/'
Autocomplete
CREDIT_CARD_NUMBER: 'cc-number'
CREDIT_CARD_EXP: 'cc-exp'
CREDIT_CARD_CVC: 'cc-csc'
Password type
<form>
<label for="passwordField">Password:</label>
<input type="password" id="passwordField" name="password">
<input type="submit" value="Submit">
</form>
Exclusion list
TrueTest Agent allows users to define elements or properties that should be excluded from data capture. To do so, add the CSS class katalon-excluded to the UI elements.
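The sketch below is an added example, not Katalon's code: it models a captured field as a plain object (a hypothetical shape) and applies the four mechanisms described above in one function. It assumes each pattern is tested against the whole field value, omits the ipv6 pattern for length, and uses zipCode without the surrounding '/' delimiters.

```javascript
// Added illustration, not Katalon's code. Patterns are copied from the listing above
// (ipv6 omitted for length; zipCode used without the surrounding '/' delimiters).
const PATTERNS = {
  socialNumber: /^(?!0{3})(?!6{3})[0-8]\d{2}-(?!0{2})\d{2}-(?!0{4})\d{4}$/,
  simpleEmail: /[^@ \t\r\n]+@[^@ \t\r\n]+\.[^@ \t\r\n]+/,
  ipv4: /(\b25[0-5]|\b2[0-4][0-9]|\b[01]?[0-9][0-9]?)(\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}/,
  phoneNumber: /^[\+]?[(]?[0-9]{3}[)]?[-\s\.]?[0-9]{3}[-\s\.]?[0-9]{4,6}$/,
  zipCode: /^[0-9]{5}(?:-[0-9]{4})?$/,
};
const CC_AUTOCOMPLETE = new Set(['cc-number', 'cc-exp', 'cc-csc']);

// Hypothetical field shape: { type, autocomplete, className, value }.
// Returns the rule that filters the field, or null if the value would be kept.
function filterReason(field) {
  const classes = (field.className || '').split(/\s+/);
  if (classes.includes('katalon-excluded')) return 'class:katalon-excluded';
  if ((field.type || '').toLowerCase() === 'password') return 'type:password';
  // The autocomplete attribute may hold several tokens, e.g. "billing cc-number".
  const tokens = (field.autocomplete || '').toLowerCase().split(/\s+/);
  const cc = tokens.find((t) => CC_AUTOCOMPLETE.has(t));
  if (cc) return 'autocomplete:' + cc;
  const value = String(field.value ?? '');
  for (const [name, re] of Object.entries(PATTERNS)) {
    if (re.test(value)) return 'regex:' + name;
  }
  return null;
}

// Replace filtered values with a placeholder (assumed form of "removal").
function sanitize(fields) {
  return fields.map((f) => {
    const reason = filterReason(f);
    return reason ? { ...f, value: '[FILTERED]', reason } : { ...f, reason: null };
  });
}

// Constructed sample capture, not real data.
const SAMPLE = [
  { type: 'text', value: '123-45-6789' },
  { type: 'text', value: 'My SSN is 123-45-6789' }, // anchored pattern does not match
  { type: 'text', autocomplete: 'billing cc-number', value: '4242424242424242' },
  { type: 'text', value: '4242424242424242' }, // no autocomplete hint, no card regex
  { type: 'password', value: 'hunter2' },
  { type: 'text', className: 'note katalon-excluded', value: 'internal memo' },
  { type: 'text', value: 'Contact john.doe@email.com' },
];

console.log(JSON.stringify(sanitize(SAMPLE), null, 2));
```

In this constructed sample, the second and fourth fields keep their values: the socialNumber pattern is anchored with ^ and $, and the listing has no card-number pattern, so a card field without a cc-* autocomplete value is not recognized. Fields like these are the ones to mark with katalon-excluded.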
Data privacy compliance
Transparency: In the closed beta version, TrueTest Agent transparently informs users, via verbal communication as acknowledgment, which specific sensitive data is excluded or anonymized. If users feel their application under test (AUT) does not contain sensitive data, they can try the feature.
User control: TrueTest Agent allows users to request a complete deletion of all tracked data and to stop using the feature if they do not trust the data privacy compliance.
Security monitoring: The internal Security team acts as the Data Protection Officer (DPO) to monitor the data and ensure compliance with GDPR requirements. The team conducts periodic penetration testing and security reviews to identify and address data privacy vulnerabilities.
By implementing these measures, TrueTest Agent is committed to protecting user data and complying with GDPR requirements.