dub-flow/secure-code-review-challenges

Secure Code Review Challenges

This repo contains the code for my Secure Code Review challenges.

Challenges

Those marked with 🔴🎬 have a YouTube walkthrough available (you can find the link in the ./solution.md in the challenge folder).

  1. Open Redirect 🔴🎬
  2. Server-side Request Forgery 🔴🎬
  3. Weak Password Hashing
  4. Hardcoded Credentials
  5. XML External Entity Attack 🔴🎬
  6. Cross-site Scripting
  7. Host Header Injection 🔴🎬
  8. Nginx Off-By-Slash
  9. Broken Access Control (IDOR) 🔴🎬
  10. Broken Access Control (JWT missing verification)
  11. Path Normalization Bypass
  12. Unquoted Bash Variables
  13. SQL Injection
  14. Race Condition
  15. HTTP Response Splitting
  16. RCE via File Upload
  17. OS Command Injection
  18. Insecure Deserialization
  19. Server-side Template Injection
  20. Local File Inclusion (Path Traversal)
  21. CORS Misconfiguration (Reflected Origin header)
  22. Eval Injection
  23. Unsafe Reflection
  24. XSLT Injection
  25. NoSQL Injection
  26. ...
  27. ...
  28. ...
  29. ...
