diff --git a/app.js b/app.js
index 611870341fc..4d67a9c63c0 100644
--- a/app.js
+++ b/app.js
@@ -80,9 +80,10 @@ if (app.get('env') == 'development') {
 app.use(errorHandler());
 }
 // Introduce Token
-
+/*
 var token = 'SECRET_TOKEN_f8ed84e8f41e4146403dd4a6bbcea5e418d23a9';
 console.log('token: ' + token);
+*/
 http.createServer(app).listen(app.get('port'), function () {
 console.log('Express server listening on port ' + app.get('port'));
diff --git a/routes/index.js b/routes/index.js
index 01c9dfcafc6..c09cee2dc49 100644
--- a/routes/index.js
+++ b/routes/index.js
@@ -35,7 +35,7 @@ exports.index = function (req, res, next) {
 };
 // Insert new vulnerable code:
-
+/*
 exports.loginHandler = function (req, res, next) {
 if (validator.isEmail(req.body.username)) {
@@ -69,7 +69,7 @@ if (validator.isEmail(req.body.username)) {
 } else {
 return res.status(401).send()
 };
-
+*/
 function adminLoginSuccess(redirectPage, session, username, res) {
 session.loggedIn = 1
@@ -208,7 +208,7 @@ exports.create = function (req, res, next) {
 };
 // Insert new vulnerable code:
-
+/*
 exports.destroy = function (req, res, next) {
 Todo.findById(req.params.id, function (err, todo) {
@@ -249,6 +249,7 @@ exports.update = function (req, res, next) {
 });
 });
 };
+*/
 // ** express turns the cookie key to lowercase **
 exports.current_user = function (req, res, next) {
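Review bot: The `SECRET_TOKEN_…` literal in the app.js hunk at line 80 is still in the file after this change, because the assignment and its `console.log` are only wrapped in `/* … */`; anyone who can read the repository, and any secret scanner, still sees it. Delete both lines rather than commenting them out. If a token is needed at runtime, load it from the environment, e.g. `var token = process.env.APP_TOKEN;` (placeholder variable name), and drop the log line so the value never reaches stdout or log collection. The value also remains in earlier commits, so if it was ever a live credential it should be treated as exposed and rotated.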
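Review bot: Nothing in this diff removes the route registrations for the handlers it disables in routes/index.js, starting with `exports.loginHandler` in the hunk at line 35 (closed by the `*/` in the hunk at line 69) and again for `exports.destroy` and `exports.update` in the hunks at lines 208 and 249. If app.js still passes `routes.loginHandler`, `routes.destroy` or `routes.update` to an Express route, those values are now `undefined`, and Express throws when a route is given an undefined callback, so the server would fail at startup. `adminLoginSuccess`, which stays active right after the closing `*/`, presumably has no caller left and should go with the handler. I would delete the handlers together with their route lines in the same commit instead of keeping them as commented-out code.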
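Review bot: The `/*` opened above `exports.destroy` in the hunk at line 208 is not closed until after the end of `exports.update` at new line 252, so roughly forty lines are disabled by one block comment, of which this diff shows only the two ends. Block comments do not nest, so any `*/` already present inside that range (not visible here) would end the comment early and leave the remainder live or syntactically broken. The marker `// Insert new vulnerable code:` sits only above `destroy`, so please confirm that `update` and anything between the two were meant to be disabled as well. Removing the functions outright avoids both problems; the body of the commented range lies outside the hunks.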