Open ImanSharaf opened 2 hours ago
related: #1468
Furthermore, I believe the final production-ready artifact for any web app should be obfuscated and protected against reverse engineering.
Personally I don't share that view.
Security through obscurity: While not a complete security solution, obfuscation can add an extra layer of difficulty for potential attackers trying to understand the code.
@elarlang what about removing 14.1.2 and modifying 10.2.3 to exclude system-level keywords?
Current Item Text
10.2.3: "Verify that the application source code and third party libraries do not contain back doors, such as hard-coded or additional undocumented accounts or keys, code obfuscation, undocumented binary blobs, rootkits, or anti-debugging, insecure debugging features, or otherwise out of date, insecure, or hidden functionality that could be used maliciously if discovered."
Scope Inconsistency: Desktop vs. Web Applications
Also, I believe, based on the same logic, we should remove 14.1.2, as C and C++ are not common languages for web app development.
Furthermore, I believe the final production-ready artifact for any web app should be obfuscated and protected against reverse engineering.