Fluid Attacks logo
Contact Us
Young hacker smiling
Zero false positives

Expert intelligence + effective automation

Contact logo Contact Us

REQ.156 Source code without sensitive information

This documents contains the details of the security requirements related to source code security in the applications. This requirement establishes the importance of developing source code without sensitive information in order to avoid security breaches in the application.


Source code must not contain sensitive information.


  1. OWASP-ASVS v3.1-1.10 Security is addressed within all parts of the software development lifecycle.

  2. OWASP-ASVS v3.1-2.29 Verify that secrets, API keys, and passwords are not included in the source code, or online source code repositories.

Service status - Terms of Use