Secure Code Warrior® Walkthroughs simulate real-world scenarios so that every developer can experience the impact of insecure code and answer the question "why does this vulnerability matter?", ultimately allowing them to defend their code and their company's brand reputation.
Each Walkthrough has explicit step-by-step instructions to guide developers as they interact with an application and experience how the vulnerability manifests itself in a real-world scenario.
Covered Vulnerabilities
- Access Control - Insecure Direct Object Reference
- Access Control - Missing Function Level Access Control
- Authentication - Improper Authentication
- Business Logic - Insufficient Validation
- Cross-Site Scripting (XSS) - Reflected Cross-Site Scripting
- Cross-Site Scripting (XSS) - Stored Cross-Site Scripting
- File Upload Vulnerability - Unrestricted File Upload
- Injection Flaws - Deserialisation of Untrusted Data
- Injection Flaws - External Entity Injection
- Injection Flaws - NoSQL Injection
- Injection Flaws - OS Command Injection
- Injection Flaws - Path Traversal
- Injection Flaws - SQL Injection
- Insecure Cryptography - Insecure Randomness
- Insecure Cryptography - Weak Algorithm Use
- Insufficient Logging and Monitoring - Insufficient Logging and Monitoring
- Mass Assignment - Mass Assignment
- Security Misconfiguration - Disabled Security Features
- Sensitive Data Storage - Plaintext Storage of Passwords
- Server-Side Request Forgery - Server-Side Request Forgery (SSRF)
- Session Handling - Exposed Session Tokens
- Vulnerable Components - Using Known Vulnerable Components
- Vulnerable Components - Using Components From Untrusted Source
- XML External Entities (XXE) - XML External Entities (XXE)
Covered Languages: Frameworks
- C: Basic
- C# (.NET): Basic
- C# (.NET): Core
- C# (.NET): MVC
- C# (.NET): Web API
- C# (.NET): Web Forms
- C++: Basic
- CloudFormation: Basic
- Docker: Basic
- Go: API
- Go: Basic
- Java: Enterprise Edition (Basic)
- Java: Enterprise Edition (JSF)
- Java: Enterprise Edition (JSP)
- Java: Enterprise Edition API
- Java: Servlets
- Java: Spring
- Java: Spring API
- Java: Struts
- JavaScript: Angular.io (2+)
- JavaScript: Basic
- JavaScript: Node.js (Express)
- JavaScript: Node.js API
- JavaScript: React
- JavaScript: Vue.js
- Kotlin: Spring API
- Kubernetes: Basic
- Perl: Dancer 2
- PHP: Basic
- PHP: Laravel
- PHP: Symfony
- Pseudocode: Web
- Python: API
- Python: Basic
- Python: Django
- Python: Flask
- Ruby: Rails
- Rust: Basic
- SAP: ABAP
- Scala: Play
- Terraform: Basic
- TypeScript: Basic