Menu

    Guidelines in Courses

    Avatar
    Secure Code Warrior Elves
    • Updated
    Follow


    Secure Code Warrior® Guidelines provide targeted learning that is tailored to the language/framework of your choice. They guide developers through defensive security strategies to increase knowledge before diving into interactive learning.

     

    Developers will learn both general mitigation strategies to strengthen their security knowledge, as well as in-depth best practices for the selected language/framework.


    Guidelines consist of 3 main parts:

    • General Introduction, Description, and Mitigations.
    • Language/framework mitigations.
    • Additional code snippets (if applicable). 


    Guidlines_-_Java_Spring.gif

    Covered Vulnerabilities

    1. Access Control - Missing Function Level Access Control
    2. Authentication - Use of Single-factor Authentication
    3. Authentication - Insufficiently Protected Credentials
    4. Authentication - Improper Authentication
    5. Business Logic - Logical Error
    6. Cross-Site Scripting (XSS) - Stored Cross-Site Scripting
    7. Cross-Site Scripting (XSS) - Reflected Cross-Site Scripting
    8. File Upload Vulnerability - Unrestricted File Upload
    9. Information Exposure - Sensitive Data Exposure
    10. Injection Flaws - Path Traversal
    11. Injection Flaws - Deserialization of Untrusted Data
    12. Injection Flaws - SQL Injection
    13. Insufficient Logging And Monitoring - Insufficient Logging and Monitoring
    14. Insufficient Transport Layer Protection - Unprotected Transport of Sensitive Information
    15. Lack of Resources & Rate Limiting - Lack of Resources & Rate Limiting
    16. Mass Assignment - Mass Assignment
    17. Security Misconfiguration - Improper or Missing HTTP Headers
    18. Security Misconfiguration - Information Exposure
    19. Security Misconfiguration - Disabled Security Features
    20. Security Misconfiguration - Improper Permissions
    21. Sensitive Data Storage - Plaintext Storage of Passwords
    22. Server-Side Request Forgery - Server-Side Request Forgery (SSRF)
    23. Vulnerable Componentes - Using Known Vulnerable Components 
    24. Vulnerable Componentes - Using Components From Untrusted Source
    25. XML External Entities (XXE) - XML External Entities (XXE)

    Available for Languages: Frameworks

    Please note that not all 25 vulnerability categories are uniformly covered across all languages.

    1. C# (.NET) Basic
    2. C# (.NET) Core
    3. C# (.NET) MVC
    4. C# (.NET) Web Forms
    5. Docker Basic
    6. GO Basic
    7. Java: Enterprise Edition (Basic)
    8. Java Enterprise Edition (JSF)
    9. Java Enterprise Edition (JSP)
    10. Java Servlets
    11. Java Spring
    12. Java Struts
    13. JavaScript Node.js (Express)
    14. Kubernetes Basic
    15. Perl Dancer2
    16. PHP Basic
    17. PHP Symfony
    18. PHP: Laravel
    19. Pseudocode Web
    20. Python Basic
    21. Python Django
    22. Python Flask
    23. Ruby Rails
    24. Rust Basic
    25. Salesforce Apex
    26. Scala Play
    27. Typescript:Node.js (express)

    Related Links:

    Related articles

    Comments

    0 comments

    Please sign in to leave a comment.