docs: Add Attack Scenario OWASP#2

Author: PauloASilva

2019/en/0xa5-sensitive-data-exposure.md

@@ -8,10 +8,20 @@ A5:2019 Sensitive Data Exposure
 
 ## Is the API Vulnerable?
 
-## How To Prevent
-
 ## Example Attack Scenarios
 
+### Scenario #1
+
+### Scenario #2
+
+Inspecting a mobile app traffic an attacker finds out that not all HTTP traffic
+is performed on a secure protocol (TLS), namely profile images download. As user
+interaction is binary, despite API traffic is performed on a secure protocol,
+the attacker finds a pattern on API responses size which he uses to track user
+preferences over the rendered content (profile images).
+
+## How To Prevent
+
 ## References
 
 ### OWASP