🔐
Secure Coding Handbook
  • Secure Coding Handbook
  • Resources
  • Client side
    • Cross-Site Scripting [XSS]
    • Cross-Site Request Forgery [CSRF]
    • Clickjacking
    • Open Redirects
  • Server Side
    • SQL Injections [SQLi]
    • XML External Entity Injection [XXE]
    • OS Command Injection [Command Execution]
    • File Upload
    • Server-Side Request Forgery [SSRF]
    • Host Header Injection
    • Authentication
    • Directory Traversal
    • Template Injection [SSTI]
  • API
    • Broken Object Level Authorization
    • Excessive Data Exposure
    • Mass Assignment
  • Auxiliary
    • Vulnerable Dependency Management
    • Deserialization
    • Logging
  • Solidity
    • Re-Entrancy
Powered by GitBook
On this page
  • 1. Training:
  • 2. Documentation:
  • 3. Tools and miscellaneous:

Was this helpful?

Resources

Current known list of resources

1. Training:

  • https://application.security/free/owasp-top-10-API

  • https://free.codebashing.com/

  • https://github.com/ManicodeSecurity

  • https://owasp.org/SecureCodingDojo/codereview101/

  • https://wiki.owasp.org/index.php/

  • https://portswigger.net/web-security

  • https://www.shiftleft.io/learn/

  • https://www.hacksplaining.com/exercises/

  • https://ethernaut.openzeppelin.com/

2. Documentation:

  • https://checkmarx.gitbooks.io/js-scp/content

  • https://about.gitlab.com/handbook/engineering/security/secure-coding-training.html

  • https://owasp.org/www-project-secure-coding-dojo/

  • https://github.com/nxvl/secure-coding-with-python

  • https://github.com/OWASP/Go-SCP

  • https://owasp.org/www-community/attacks/

  • https://owasp.org/www-community/controls/Static_Code_Analysis

  • https://code.google.com/archive/p/browsersec/

  • https://nostarch.com/websecurity

  • https://github.com/lirantal/awesome-nodejs-security

  • https://owasp.org/www-pdf-archive/OWASP_Code_Review_Guide_v2.pdf

  • Web Application Security: Exploitation and Countermeasures for Modern Web Applications[Andrew Hoffman]

  • Web Security for Developers: Real Threats, Practical Defense [Malcolm McDonald]

  • https://seclab.stanford.edu/websec/

  • https://www.offensive-security.com/offsec/white-box-web-application-pentesting/

  • https://github.com/paragonie/awesome-appsec

3. Tools and miscellaneous:

  • https://brakemanscanner.org/

  • https://pyre-check.org/

  • https://owasp.org/www-community/Source_Code_Analysis_Tools

  • https://www.nist.gov/itl/ssd/software-quality-group/source-code-security-analyzers

  • https://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis

PreviousSecure Coding HandbookNextCross-Site Scripting [XSS]

Last updated 3 years ago

Was this helpful?