Application testing cases - describe possible sensitive data exposure issues.

Does the application display to screen full debit or credit card numbers? Does the application store PCI data in an unencrypted format? Does the application transmit PII/PCI data over an unencrypted channel? Does the application display to screen full SSN? Are application tokens or keys hardcoded into source code or HTML source pages? Does the application use weak cryptography (e.g. keys less than128 bits or crypto protocols with known vulnerabilities)?​