Information Disclosure - Suspicious Comments

Disclosed comments or commented out source code fragments may help the attacker in understanding your underlying application logic, finding any obsolete but working endpoints, etc.

The attacker may collect additional information about your application by learning source code fragments that were commented out and the actual source code comments, what may lead to finding etc. broken security logic, unused but still working endpoints that may return sensitive data, internal company information (like: personal names of developers, internal network structure), etc.

All public-facing source code should be reviewed for any remaining comments. A good practice is to further obfuscate the release version of your source code that would remove any comments.

ScanRepeat scans your public application code and identify any comments located in your source code, all occurrences are reported showing exact phrases found.