Secure Code Warrior® Guidelines provide targeted learning that is tailored to the language/framework of your choice. They guide developers through defensive security strategies to increase knowledge before diving into interactive learning.
Developers will learn both general mitigation strategies to strengthen their security knowledge and in-depth best practices for the selected language/framework.
Guidelines consist of 3 main parts:
- General Introduction, Description, and Mitigations.
- Language/framework mitigations.
- Additional code snippets (if applicable).

Guidelines cover the following vulnerability categories:
- Access Control - Missing Function Level Access Control
- Authentication - Use of Single-factor Authentication
- File Upload Vulnerability - Unrestricted File Upload
- Injection Flaws - Deserialization of Untrusted Data
- Injection Flaws - SQL Injection
- Insufficient Logging And Monitoring
- Sensitive Data Storage - Plaintext Storage of Passwords
- Server-Side Request Forgery - Server-Side Request Forgery (SSRF)
- Vulnerable Components - Using Known Vulnerable Components
- XML External Entities (XXE) - XML External Entities (XXE)

Available for the following languages and frameworks:
- C# (.NET) Basic
- C# (.NET) Core
- C# (.NET) MVC
- C# (.NET) Web Forms
- GO Basic
- Java Basic
- Java Enterprise Edition (JSF)
- Java Enterprise Edition (JSP)
- Java Servlets
- Java Spring
- Java Struts
- Perl Dancer2
- PHP Basic
- PHP Symfony
- Pseudocode Basic
- Python Basic
- Python Django
- Python Flask
- Ruby Rails
- Rust Basic
- Salesforce Apex
- Scala Play