Resources
Courses
Blogs
- On Command Injection over Java’s ProcessBuilder | by CodeThreat | CodeX | Medium
- Security Code Review 101 (owasp.org)
Vulnerable Practice Machines
- [Chat.JS - Vulnerable NodeJS Web-App to practice NoSQLi and Deserialization exploitation](https://github.com/bmdyy/chat.js#chatjs-vulnerable-nodejs-web-app)
- TESTR - Vulnerable Python Web-App to practice XSS and Command Injection
- TUDO - A vulnerable PHP Web Application.
- ORDER - A small Python web-app to practice blind SQLi in order by
Checklists
- OWASP_Code_Review_Guide_v2.pdf
- SonarSource static code analysis
- Security code review checklist | Awesome Code Reviews
- mgreiler/secure-code-review-checklist (github.com)
- Checkmarx/Kotlin-SCP: Kotlin Secure Coding Practices is a guide written for anyone using Kotlin for mobile development. (github.com)