Lack of code obfuscation
When developers do not obfuscate the code when compiling the binary, an attacker can decompile the code using some tools such as JD GUI & Dnspy.
To decompile the application, we just need to open the exe file in dnspy tools, as shown below.
Vulnerable Application: Damn Vulnerable Thick Client App (DVTA)
Similarly, we can decompile the jar file using JD-GUI.