It is generally not recommended to use live production credentials and other sensitive data in web monitoring. The best approach is to create and utilize dedicated test data, such as user credentials, credit card and payment transaction data, customer or employee accounts, and other business-related data. However, in some cases, test data is not available and production data must be used to create a monitoring test scenario. In this article we will discuss possible strategies that are useful to avoid recording any personally identifiable information (PII) when working with the Dotcom-Monitor platform.

By default, Dotcom-Monitor will capture a video as we going through the transactions in a browser window. In addition, the system takes screenshots of the browser window on validation errors. Recording these sessions provides understanding on how the web resource appears and behaves in the browser window from the user’s perspective. Thus, the video and screenshots of recorded transactions are an important tool for error troubleshooting and test results analysis. For more information on how we record video, see Video Recording.

Even though the video and screenshots may be handy upon error troubleshooting, keep in mind that the records can be accessed by other authorized users of your Dotcom-Monitor account from within a device’s Online Report.

 

Also, you may need to use production data as a part of the HTTP requests to the target resource, or while recording a script with the EveryStep Web Recorder. Such data will be displayed on the Waterfall Chart or in the EveryStep script body.

Disabling Transactions Recording

If you don’t want any transactions to be recorded due to security reasons, we provide the options to disable video recording and screenshot features.

To turn off the video recording of a monitoring session or screenshots, go to the related monitoring device settings and disable the options.

Encrypting Sensitive Data in EveryStep Scripts

To encrypt any string data in the EveryStep script, convert them to context parameter and save to a central Secure Vault. This way the data values will be hidden in the monitoring scripts and reports, including Online Reports and Waterfall charts. For more details, see How to Secure Passwords and Other Sensitive Information in EveryStep Recorder.

You may also want to temporarily pause session recording when it comes to sensitive web content instead. You can do this by using the Video Recording function of the desktop version of EveryStep Scripting Tool. Alternatively, you can hide specific regions on the recorded video. The masked region will stay hidden on the captured video of web app transactions for all users of your Dotcom-Monitor account. To find more about using these advanced features of the EveryStep Scripting Tool, see the Managing Video Recording in EveryStep Recorder to Protect PII article of our wiki.