πŸ”
πŸ”
πŸ”
πŸ”
Secure Coding Handbook
Search…
Secure Coding Handbook
Resources
Client side
Cross-Site Scripting [XSS]
Cross-Site Request Forgery [CSRF]
Clickjacking
Open Redirects
Server Side
SQL Injections [SQLi]
XML External Entity Injection [XXE]
OS Command Injection [Command Execution]
File Upload
Server-Side Request Forgery [SSRF]
Host Header Injection
Authentication
Directory Traversal
Template Injection [SSTI]
API
Broken Object Level Authorization
Excessive Data Exposure
Mass Assignment
Auxiliary
Vulnerable Dependency Management
Deserialization
Logging
Solidity
Re-Entrancy
Powered By GitBook
Secure Coding Handbook
Welcome to the Secure Coding Handbook! Here, you will find everything that I have found on secure coding: best practices, analyzing, and, of course, patching code-related vulnerabilities. All of the enumerated attacks and defensive techniques are strictly related to web applications. (for now :) )

Handbook structure:

Spotted a bug?

Making mistakes is human nature, fortunately. Please note that I am by no means an expert and should you find something that is totally erroneous or deviated from the subject, please create an issue here.

Want to contribute?

Sure thing! Message me on Twitter @VladToie, or simply write a pull request in the Secure-Coding-Handbook repository.
You can also buy me a Pizza so I wouldn't have to cook it myself, and write more guides in that time =D
Vlad is developing the Secure Coding Handbook.
Buy Me a Coffee
Next
Resources
Last modified 6mo ago
Copy link
Contents
Handbook structure: