Source Code Disclosure


Description

The application discloses source code to users. Source code is designed to be executed dynamically on the server; however, the application exposes the code to users on the front end. Disclosing source code can provide attackers with sensitive information, details about how the application works, and useful information that can be used to identify additional vulnerabilities in the application and supporting infrastructure.

Impact

The availability of source code may provide useful information regarding the application or infrastructure that may help attackers identify vulnerabilities to exploit. In some cases, source code may provide access to sensitive information such as encryption keys, database connection strings, or other configuration information. Source code may also reveal business logic or intellectual property that is not designed to be shared outside the organization. The availability of source code also offers attackers the chance to review the code for vulnerabilities using publicly available databases in order to further attack the application. 
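As an added example (not part of the original page), the following Python check shows how a defender could scan captured response bodies for unexecuted server-side code and for the kinds of sensitive values named above. The function name `scan_response`, the patterns, and both sample bodies are assumptions constructed for illustration.

```python
import re

# Markers of server-side code that reached the client unexecuted.
# "<?xml" is deliberately not matched; "<% %>" can also appear in client-side
# templates, so those hits need manual confirmation.
SOURCE_MARKERS = [
    ("php-open-tag", re.compile(r"<\?(?:php\b|=)", re.IGNORECASE)),
    ("asp-jsp-block", re.compile(r"<%[@=!]?.*?%>")),
]

# Kinds of sensitive values the Impact section names (illustrative patterns).
SECRET_MARKERS = [
    ("connection-string",
     re.compile(r"(?:Server|Data Source)=[^;\"']+;.*?(?:Password|Pwd)=",
                re.IGNORECASE)),
    ("hardcoded-credential",
     re.compile(r"(?:password|passwd|secret|api_?key)\w*\s*=\s*[\"'][^\"']+[\"']",
                re.IGNORECASE)),
]


def scan_response(body):
    """Return sorted (line_number, label) findings; matched values are never echoed."""
    findings = set()
    for lineno, line in enumerate(body.splitlines(), start=1):
        for label, pattern in SOURCE_MARKERS + SECRET_MARKERS:
            if pattern.search(line):
                findings.add((lineno, label))
    return sorted(findings)


# Constructed sample: a response that leaks raw server-side code. PHP and
# ASP.NET fragments are combined in one body only to keep the sample short.
LEAKED = '''<html><body>
<?php
$db_password = "example-only";
$conn = new PDO("mysql:host=db.internal.example", "app", $db_password);
?>
<%@ Page Language="C#" %>
<add connectionString="Server=db.internal.example;Database=app;User Id=app;Password=example-only;" />
</body></html>'''

# Constructed sample: a normally rendered response with an XML declaration.
RENDERED = '''<?xml version="1.0"?>
<html><body><p>Welcome back.</p></body></html>'''

if __name__ == "__main__":
    for lineno, label in scan_response(LEAKED):
        print(f"line {lineno}: {label}")
```

Findings report only the line number and category, so the scanner's own output does not copy a leaked secret into logs or tickets.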

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References

 
