AttackFlow Findings Dictionary


Suspicious Comment

Sensitive data, or internal information that points to vulnerabilities, may leak through code comments.

Severity: Low

Fix Cost: Low

Trust Level: Low

Comments are the key mechanism for making code easier for a human to read and for conveying its goal, its tricks, and so on.

Because comments are free-form, we developers sometimes put far more information in them than we should and then forget all about it. Such comments may also point to potential vulnerabilities if they fall into the hands of malicious parties.

Indicators of suspicious comments include keywords such as BUG, TRICK, NOTE, HACK, FIXME, LATER and TODO, and even profanity, depending on the developer's mood.

                                     
// NOTE: test username: amanda password: j4SH3#!0d
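A pre-commit style check for the indicators above, added here as an example (it is not AttackFlow's implementation). The function names, the `SECRET` key/value pattern and the two labels are assumptions made for illustration; it handles only `//` and `/* */` comments.

```python
import re
# Marker keywords from this page, upper-case only so ordinary words like "note" do not fire.
MARKERS = re.compile(r"\b(BUG|TRICK|NOTE|HACK|FIXME|LATER|TODO)\b")
# Assumption: a key[:=]value pair in a comment is treated as a possible credential.
SECRET = re.compile(r"\b(password|passwd|pwd|secret|token|api[_-]?key)\s*[:=]\s*\S+", re.I)
STRING = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'')  # string/char literals

def comments(source):
    """Yield (line_no, text) for // and /* */ comments, ignoring string literals."""
    in_block = False
    for no, line in enumerate(source.splitlines(), 1):
        line, parts = STRING.sub('""', line), []
        while line:
            if in_block:
                body, end, line = line.partition("*/")
                parts.append(body.strip())
                in_block = not end  # stay in the block if no closing */ on this line
                continue
            i, j = line.find("//"), line.find("/*")
            if i != -1 and (j == -1 or i < j):
                parts.append(line[i + 2:].strip())
            elif j != -1:
                in_block, line = True, line[j + 2:]
                continue
            line = ""
        text = " ".join(p for p in parts if p)
        if text:
            yield no, text

def scan(source):
    """Return (line_no, label, markers, comment_text) for each suspicious comment."""
    findings = []
    for no, text in comments(source):
        markers = sorted(set(MARKERS.findall(text)))
        leaked = bool(SECRET.search(text))
        if markers or leaked:
            findings.append((no, "possible-secret" if leaked else "marker", markers, text))
    return findings

# Constructed sample; line 2 is the comment shown on this page.
SAMPLE = '''String url = "http://example.test/login"; // build login URL
// NOTE: test username: amanda password: j4SH3#!0d
/* FIXME: input is not validated here,
   HACK until the parser is rewritten */
String s = "TODO: not a comment";
'''

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Findings labelled `possible-secret` are the ones to triage first: the value should be rotated as well as removed from the comment, since it remains in version history.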
                   
            
