Security Test: Sensitive Comments¶
Description¶
Default Severity:
Sensitive comments are pieces of code documentation that unintentionally reveal details about the application's inner workings. This is dangerous because, if attackers access your source code—even just the comments—they can learn about potential security weaknesses and design flaws that could be exploited. Many developers might leave personal notes or debugging information in the code, not realizing that these details can be gathered by anyone who gets access to the repository, ultimately making the application more vulnerable to targeted attacks.
Configuration¶
Identifier:
information_disclosure/sensitive_comments
Examples¶
All configuration available:
Compliance and Standards¶
| Standard | Value |
|---|---|
| OWASP API Top 10 | API8:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 6.5.3 |
| GDPR | Article-32 |
| SOC2 | CC1 |
| PSD2 | Article-95 |
| ISO 27001 | A.18.1 |
| NIST | SP800-53 |
| FedRAMP | AC-6 |
| CWE | 200 |
| CVSS Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| CVSS Score | 5.3 |