This article is a part of our Web Security Knowledge Base.
Why Information Disclosure - Suspicious Comments can be dangerous
Disclosed comments or commented-out source code fragments may help an attacker understand your underlying application logic, find obsolete but still working endpoints, and more.
An attacker may collect additional information about your application by reading both commented-out source code fragments and ordinary source code comments. This can lead to the discovery of broken security logic, unused but still working endpoints that may return sensitive data, and internal company information (such as developers' personal names or the internal network structure).
How to fix Information Disclosure - Suspicious Comments
All public-facing source code should be reviewed for any remaining comments. A good practice is to additionally minify or obfuscate the release version of your source code, which removes any comments that were missed in review.
How does ScanRepeat report Information Disclosure - Suspicious Comments
ScanRepeat scans your public application code and identifies any comments located in your source code. All occurrences are reported, showing the exact phrases found.
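As an added illustration of both the review step and the kind of report described above (example code written for this article, not ScanRepeat's own scanner), the script below extracts HTML and JavaScript comments from a constructed sample page, reports the line and the exact phrases that make each comment suspicious, and strips all comments for a release build. The sample page and the keyword list are assumptions.

```python
import re

# Constructed sample of a public-facing page (not taken from any real application).
SAMPLE_PAGE = """<html>
<!-- TODO: remove /admin/legacy-export before launch (j.smith@corp.internal) -->
<body>
<script>
// debug: auth bypass when ?dev=1 is set, see FIXME in login.js
var api = "/api/v2/users";
/* old endpoint still works: /api/v1/users?all=1 */
function load() { return fetch(api); }
</script>
<!-- copyright 2023 -->
</body></html>
"""

# Matches HTML comments, JS block comments and JS line comments (in that order).
COMMENT_RE = re.compile(r"<!--(.*?)-->|/\*(.*?)\*/|//([^\n]*)", re.DOTALL)

# Phrases that make a comment worth reporting; this keyword list is an assumption.
SUSPICIOUS_RE = re.compile(
    r"\b(todo|fixme|hack|debug|bypass|password|passwd|secret|api[_-]?key|"
    r"internal|legacy|old endpoint|remove before)\b"
    r"|/(admin|api)/[\w./?=&-]+"   # path that may be an unused but live endpoint
    r"|[\w.+-]+@[\w-]+\.[\w.]+",   # e-mail address (identifies a developer)
    re.IGNORECASE,
)

def find_suspicious_comments(source):
    """Return (line_number, [matched phrases], comment_text) for each suspicious comment."""
    findings = []
    for m in COMMENT_RE.finditer(source):
        text = next(g for g in m.groups() if g is not None).strip()
        phrases = [h.group(0) for h in SUSPICIOUS_RE.finditer(text)]
        if phrases:
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, phrases, text))
    return findings

def strip_comments(source):
    """Remove every comment, as a release build should (see caveat below)."""
    return COMMENT_RE.sub("", source)

if __name__ == "__main__":
    for line, phrases, text in find_suspicious_comments(SAMPLE_PAGE):
        print(f"line {line}: {phrases} in {text!r}")
```

A regex stripper also removes `//` inside string literals such as URLs, so use your build tool's minifier for the actual release and run the check function over whatever that build emits.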
Would you like to test your application now against this problem? Sign up for our free trial