Secure Code Warrior® Guidelines provide targeted learning tailored to the language/framework of your choice. They walk developers through defensive security strategies to build knowledge before they move on to interactive learning.
Developers learn both general mitigation strategies that strengthen their overall security knowledge and in-depth best practices for the selected language/framework.
Guidelines consist of three main parts:
- General Introduction, Description, and Mitigations.
- Language/framework mitigations.
- Additional code snippets (if applicable).
Covered Vulnerabilities
- Access Control: Missing Function Level Access Control
- Access Control: Missing Object Level Access Control
- Authentication: Use of Single-factor Authentication
- Authentication: Insufficiently Protected Credentials
- Authentication: Improper Authentication
- Business Logic: Insufficient Validation
- Business Logic: Logical Error
- Cross-Site Scripting (XSS): DOM-Based Cross-Site Scripting
- Cross-Site Scripting (XSS): Stored Cross-Site Scripting
- Cross-Site Scripting (XSS): Reflected Cross-Site Scripting
- Denial of Service: Failure to Release Resource
- File Upload Vulnerability: Unrestricted File Upload
- Improper Assets Management: Improper Assets Management
- Information Exposure: Error Details
- Information Exposure: Debug Information
- Information Exposure: Sensitive Data Exposure
- Injection Flaws: Code Injection
- Injection Flaws: CSS Injection
- Injection Flaws: Deserialization of Untrusted Data
- Injection Flaws: Log Forging
- Injection Flaws: OS Command Injection
- Injection Flaws: Path Traversal
- Injection Flaws: Resource Injection
- Injection Flaws: SQL Injection
- Insecure Cryptography: Insecure Randomness
- Insufficient Logging and Monitoring: Insufficient Logging and Monitoring
- Insufficient Transport Layer Protection: Unprotected Transport of Sensitive Information
- Lack of Resources & Rate Limiting: Lack of Resources & Rate Limiting
- Mass Assignment: Mass Assignment
- Memory Corruption: Buffer Overflow
- Memory Corruption: Double Free
- Memory Corruption: Format String Vulnerabilities
- Memory Corruption: Heap Overflow
- Memory Corruption: Illegal Pointer Value
- Memory Corruption: Integer Overflow
- Memory Corruption: Null Dereference
- Memory Corruption: Race Conditions
- Memory Corruption: Stack Overflow
- Memory Corruption: Type Confusion
- Memory Corruption: Uninitialized Variable
- Memory Corruption: Use After Free
- Security Misconfiguration: Clickjacking
- Security Misconfiguration: Improper or Missing HTTP Headers
- Security Misconfiguration: Information Exposure
- Security Misconfiguration: Disabled Security Features
- Security Misconfiguration: Improper Permissions
- Sensitive Data Storage: Plaintext Storage of Passwords
- Server-Side Request Forgery: Server-Side Request Forgery (SSRF)
- Unvalidated Redirects and Forwards: Unvalidated Redirects and Forwards
- Vulnerable Components: Using Known Vulnerable Components
- Vulnerable Components: Using Components From Untrusted Source
- XML External Entities (XXE): XML External Entities (XXE)
Available Languages / Frameworks
Please note that not all of the vulnerability categories listed above are covered uniformly across every language/framework.
- Ansible: Basic
- Bash: Basic
- C: Basic
- C: Embedded
- C# (.NET): Basic
- C# (.NET): Core
- C# (.NET): MVC
- C# (.NET): Web API
- C# (.NET): Web Forms
- C++: Basic
- C++: Embedded
- CloudFormation: Basic
- COBOL: Mainframe
- Dart: Flutter
- Docker: Basic
- Go: API
- Go: Basic
- Java: Android SDK
- Java: Enterprise Edition (Basic)
- Java: Enterprise Edition (JSF)
- Java: Enterprise Edition (JSP)
- Java: Enterprise Edition API
- Java: Servlets
- Java: Spring
- Java: Struts
- JavaScript: Angular.io (2+)
- JavaScript: AngularJS (1.x)
- JavaScript: Basic
- JavaScript: Node.js (Express)
- JavaScript: Node.js API
- JavaScript: React
- JavaScript: React Native
- JavaScript: Vue.js
- Kotlin: Android SDK
- Kotlin: Spring API
- Kubernetes: Basic
- Objective-C: iOS SDK
- Perl: Dancer2
- PHP: Basic
- PHP: Laravel
- PHP: Symfony
- PL/SQL: Basic
- PowerShell: Basic
- Pseudocode: Mobile
- Pseudocode: Web
- Python: API
- Python: Basic
- Python: Django
- Python: Flask
- Python: Pyramid
- Ruby: Rails
- Rust: Basic
- Salesforce: Apex
- Scala: Play
- Swift: iOS SDK
- T-SQL: Basic
- Terraform: AWS
- TypeScript: Basic
- TypeScript: Node.js (Express)
- TypeScript: React