Source Code Disclosure


The application discloses source code to users. Source code is designed to be executed dynamically on the server, however the application exposes the code to users on the front end.  Disclosing source code can provide attackers with sensitive information, details about how the application works, and useful information that can be used to identify additional vulnerabilities in the application and supporting infrastructure.


The availability of source code may provide useful information regarding the application or infrastructure that may help attackers identify vulnerabilities to exploit. In some cases, source code may provide access to sensitive information such as encryption keys, database connection strings, or other configuration information. Source code may also reveal business logic or intellectual property that is not designed to be shared outside the organization. The availability of source code also offers attackers the chance to review the code for vulnerabilities using publicly available databases in order to further attack the application. 

Risk Rating


How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas



Subscribe here in order to gain access to the AppSec Findings Database


Leave a Reply