Secure Coding Handbook

Resources

Current known list of resources

Last updated 3 years ago

1. Training:

2. Documentation:

  • Web Application Security: Exploitation and Countermeasures for Modern Web Applications

  • Web Security for Developers: Real Threats, Practical Defense

3. Tools and miscellaneous:

https://application.security/free/owasp-top-10-API
https://free.codebashing.com/
https://github.com/ManicodeSecurity
https://owasp.org/SecureCodingDojo/codereview101/
https://wiki.owasp.org/index.php/
https://portswigger.net/web-security
https://www.shiftleft.io/learn/
https://www.hacksplaining.com/exercises/
https://ethernaut.openzeppelin.com/
https://checkmarx.gitbooks.io/js-scp/content
https://about.gitlab.com/handbook/engineering/security/secure-coding-training.html
https://owasp.org/www-project-secure-coding-dojo/
https://github.com/nxvl/secure-coding-with-python
https://github.com/OWASP/Go-SCP
https://owasp.org/www-community/attacks/
https://owasp.org/www-community/controls/Static_Code_Analysis
https://code.google.com/archive/p/browsersec/
https://nostarch.com/websecurity
https://github.com/lirantal/awesome-nodejs-security
https://owasp.org/www-pdf-archive/OWASP_Code_Review_Guide_v2.pdf
Andrew Hoffman
Malcolm McDonald
https://seclab.stanford.edu/websec/
https://www.offensive-security.com/offsec/white-box-web-application-pentesting/
https://github.com/paragonie/awesome-appsec
https://brakemanscanner.org/
https://pyre-check.org/
https://owasp.org/www-community/Source_Code_Analysis_Tools
https://www.nist.gov/itl/ssd/software-quality-group/source-code-security-analyzers
https://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis