
Getting Started to Perform Security Code Reviews

The following resources will help you get started with performing code reviews to find security bugs and vulnerabilities.

TIP:

  • Don't feel that you have to learn everything at once. Start by learning a framework, the basics of a programming language, etc.
  • After you learn the first one, the others will be easier to learn.
  • For web security, gaining an understanding of how modern web frameworks work is one of the most important things.
  • Do it side-by-side: learn how to code and how to do code review at the same time. It might seem overwhelming at first, but it gets better once you start understanding the code.

Resources for learning different programming languages:

  • Learn JavaScript: https://youtube.com/watch?v=PkZNo7MFNFg
  • Learn PHP: https://youtube.com/watch?v=OK_JCtrrv-c
  • Learn NodeJS: https://youtube.com/watch?v=RLtyhwFtXQA
  • Learn Django: https://youtube.com/watch?v=F5mRW0jo-U4
  • Learn Ruby on Rails: https://youtube.com/watch?v=fmyvWz5TUWg

Presentations and videos on code review:

  • https://youtube.com/watch?v=kpf3UkMc5Y4
  • https://youtube.com/watch?v=f6UOBCJ9pjw
  • https://youtube.com/watch?v=fb-t3WWHsMQ
  • https://youtube.com/watch?v=A8CNysN-lOM
  • https://youtube.com/watch?v=rAwxFw25x3E
  • https://youtube.com/watch?v=89rSpNBtVWE

Vulnerable code to play around with:

  • https://github.com/xuezzou/Vulnerable-nodejs
  • https://github.com/cr0hn/vulnerable-node
  • https://github.com/SasanLabs/VulnerableApp-php
  • https://github.com/redpointsec/vtm
  • https://github.com/TROUBLE-1/White-box-pentesting
  • https://github.com/computer-engineer/WhiteboxPentest
  • https://owasp.org/SecureCodingDojo/codereview101/
  • https://github.com/search?q=org%3AShiftLeftSecurity+vulnerable&type=all