The source code must not contain commented-out code when it is deployed to the production environment.
CWE-1085: Invokable Control Element with Excessive Volume of Commented-out Code. A function, method, procedure, etc. contains an excessive amount of code that has been commented out within its body.
OWASP-ASVS v4.0.1 V14.2 Dependency.(14.2.2) Verify that all unneeded features, documentation, samples, configurations are removed, such as sample applications, platform documentation, and default or example users.
Start with Fluid Attacks
We are a proud corporate member of the OWASP Foundation