This repo contains the code for my secure code review challenges. People used this as the primary resource to pass FAANG AppSec interviews 😉
dub-flow/secure-code-review-challenges
Secure Code Review Challenges

This repo contains the code for my Secure Code Review challenges. The idea is to look at basic web vulnerabilities in a language-agnostic way.

If you like these challenges, you may want to check out my LeoTrace Community. Sign-up is free and it allows you to collaborate with like-minded people, ask me any questions you may have, and much more!

All Challenges

Legend

🐍 Python
♨️ Java
🐹 Go
🟨 JS (Node.js)
🐘 PHP
⚙️ C / C++
🐚 Bash

🔴🎬 = YouTube walkthrough available (you can find the link in the ./solution.md in the challenge folder).

Challenges List

  1. Open Redirect 🐍 -> 🔴🎬
  2. Server-side Request Forgery 🟨 -> 🔴🎬
  3. Weak Password Hashing ♨️
  4. Hardcoded Credentials 🐍
  5. XML External Entity Attack ♨️ -> 🔴🎬
  6. Cross-site Scripting 🐹
  7. Host Header Injection 🟨 -> 🔴🎬
  8. Nginx Off-By-Slash
  9. Broken Access Control (IDOR) 🐍 -> 🔴🎬
  10. Broken Access Control (JWT missing verification) 🟨
  11. Path Normalization Bypass 🐍 -> 🔴🎬
  12. Unquoted Bash Variables 🐍🐚
  13. SQL Injection ♨️
  14. Race Condition 🟨 -> 🔴🎬
  15. HTTP Response Splitting 🐍
  16. RCE via File Upload ♨️ -> 🔴🎬
  17. OS Command Injection 🐹
  18. Insecure Deserialization 🐘
  19. Server-side Template Injection 🐹
  20. Local File Inclusion (Path Traversal) ♨️
  21. CORS Misconfiguration (Reflected Origin header) 🟨
  22. Eval Injection 🟨
  23. Unsafe Reflection ♨️
  24. XSLT Injection 🐍
  25. NoSQL Injection 🐹
  26. Prototype Pollution 🟨
  27. Integer Overflow ⚙️
  28. Web Cache Deception 🟨
  29. ...
  30. ...
  31. ...
