== Ask Yourself Whether

* The web application serves HTTP responses that contain confidential information, for instance information belonging to an authenticated user.
* Resources like images or documents (contract.png, attachment.png, etc.) are only accessible to private groups of users (authenticated users, administrators, ...).

There is a risk if you answered yes to any of those questions.