🔐
Secure Coding Handbook
🔐
Secure Coding Handbook
Secure Coding Handbook
Resources
Client side
Cross-Site Scripting [XSS]
Cross-Site Request Forgery [CSRF]
Clickjacking
Open Redirects
Server Side
SQL Injections [SQLi]
XML External Entity Injection [XXE]
OS Command Injection [Command Execution]
File Upload
Server-Side Request Forgery [SSRF]
Host Header Injection
Authentication
Directory Traversal
Template Injection [SSTI]
Auxiliary
Vulnerable Dependency Management
Deserialization
Logging
Powered by GitBook

Secure Coding Handbook

Welcome to the Secure Coding Handbook! Here, you will find everything that I have found on secure coding: best practices, analyzing, and, of course, patching code-related vulnerabilities. All of the enumerated attacks and defensive techniques are strictly related to web applications. (for now :) )

Handbook structure:

Spotted a bug?

Making mistakes is human nature, fortunately. Please note that I am by no means an expert and should you find something that is totally erroneous or deviated from the subject, please create an issue here.

Want to contribute?

Sure thing! Message me on Twitter @VladToie, or simply write a pull request in the Secure-Coding-Handbook repository.

You can also buy me a Pizza so I wouldn't have to cook it myself, and write more guides in that time =D

Next
Resources
Last updated 3 weeks ago
Edit on GitHub