Code Not Obfuscated


Description

The application does not obfuscate its source code. Code obfuscation is the process of creating source or machine code that is difficult for humans to understand. With the widespread availability of tools that can readily decompile an executable or library back into source code, attackers can easily review that code to identify security weaknesses or to steal intellectual property. Although code obfuscation does not prevent users from reverse engineering source code, it does increase the difficulty and associated costs of reverse engineering.

Impact

The availability of readable, decompilable source code may allow attackers to identify exploitable vulnerabilities in the application or uncover methods for subverting or bypassing security controls. Source code may also expose business logic or intellectual property that, if made public, could have a financial impact on the organization.

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References

 
