Skip to content
/ secure-code-review-challenges Public

This repo contains the code for my secure code review challenges. I was told that people used this as the primary resources to pass FAANG AppSec interviews ;)

226 stars 59 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dub-flow/secure-code-review-challenges

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

116 Commits
challenge-01
challenge-01
 
 
challenge-02
challenge-02
 
 
challenge-03
challenge-03
 
 
challenge-04
challenge-04
 
 
challenge-05
challenge-05
 
 
challenge-06
challenge-06
 
 
challenge-07
challenge-07
 
 
challenge-08
challenge-08
 
 
challenge-09
challenge-09
 
 
challenge-10
challenge-10
 
 
challenge-11
challenge-11
 
 
challenge-12
challenge-12
 
 
challenge-13
challenge-13
 
 
challenge-14
challenge-14
 
 
challenge-15
challenge-15
 
 
challenge-16
challenge-16
 
 
challenge-17
challenge-17
 
 
challenge-18
challenge-18
 
 
challenge-19
challenge-19
 
 
challenge-20
challenge-20
 
 
challenge-21
challenge-21
 
 
challenge-22
challenge-22
 
 
challenge-23
challenge-23
 
 
challenge-24
challenge-24
 
 
challenge-25
challenge-25
 
 
challenge-26
challenge-26
 
 
challenge-27
challenge-27
 
 
challenge-28
challenge-28
 
 
challenge-29
challenge-29
 
 
challenge-30
challenge-30
 
 
README.md
README.md
 
 

Repository files navigation

Secure Code Review Challenges

This repo contains the code for my Secure Code Review challenges. The idea is to look at basic web vulnerabilities in a language-agnostic way.

If you like these challenges, you may want to check out my LeoTrace Community. Sign-up is free and it allows you to collaborate with like-minded people, ask me any questions you may have, and much more!

Challenges

Those marked with 🔴🎬 have a YouTube walkthrough available (you can find the link in the ./solution.md in the challenge folder).

  1. Open Redirect 🔴🎬
  2. Server-side Request Forgery 🔴🎬
  3. Weak Password Hashing
  4. Hardcoded Credentials
  5. XML External Entity Attack 🔴🎬
  6. Cross-site Scripting
  7. Host Header Injection 🔴🎬
  8. Nginx Off-By-Slash
  9. Broken Access Control (IDOR) 🔴🎬
  10. Broken Access Control (JWT missing verification)
  11. Path Normalization Bypass
  12. Unquoted Bash Variables
  13. SQL Injection
  14. Race Condition
  15. HTTP Response Splitting
  16. RCE via File Upload
  17. OS Command Injection
  18. Insecure Deserialization
  19. Server-side Template Injection
  20. Local File Inclusion (Path Traversal)
  21. CORS Misconfiguration (Reflected Origin header)
  22. Eval Injection
  23. Unsafe Reflection
  24. XSLT Injection
  25. NoSQL Injection
  26. ...
  27. ...
  28. ...
  29. ...

About

This repo contains the code for my secure code review challenges. I was told that people used this as the primary resources to pass FAANG AppSec interviews ;)

Topics

appsec ethical-hacking bug-hunting

Resources

Readme
Activity

Stars

226 stars

Watchers

10 watching

Forks

59 forks
Report repository

Languages