This repo contains the code for my secure code review challenges. I was told that people used this as the primary resource to pass FAANG AppSec interviews ;)

dub-flow/secure-code-review-challenges

Secure Code Review Challenges

This repo contains the code for my Secure Code Review challenges. The idea is to look at basic web vulnerabilities in a language-agnostic way.

If you like these challenges, you may want to check out my LeoTrace Community. Sign-up is free and it allows you to collaborate with like-minded people, ask me any questions you may have, and much more!

Challenges

Those marked with 🔴🎬 have a YouTube walkthrough available (you can find the link in the ./solution.md in the challenge folder).

  1. Open Redirect 🔴🎬
  2. Server-side Request Forgery 🔴🎬
  3. Weak Password Hashing
  4. Hardcoded Credentials
  5. XML External Entity Attack 🔴🎬
  6. Cross-site Scripting
  7. Host Header Injection 🔴🎬
  8. Nginx Off-By-Slash
  9. Broken Access Control (IDOR) 🔴🎬
  10. Broken Access Control (JWT missing verification)
  11. Path Normalization Bypass 🔴🎬
  12. Unquoted Bash Variables
  13. SQL Injection
  14. Race Condition 🔴🎬
  15. HTTP Response Splitting
  16. RCE via File Upload 🔴🎬
  17. OS Command Injection
  18. Insecure Deserialization
  19. Server-side Template Injection
  20. Local File Inclusion (Path Traversal)
  21. CORS Misconfiguration (Reflected Origin header)
  22. Eval Injection
  23. Unsafe Reflection
  24. XSLT Injection
  25. NoSQL Injection
  26. Prototype Pollution
  27. Integer Overflow
  28. ...
  29. ...
  30. ...
