From 0a102824d5a8c6b53a4677b6fa6537afbb7bfd77 Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Tue, 19 Jul 2022 13:15:40 -0400 Subject: [PATCH] Source Code Review Resources WIP --- .../getting_started_code_review.md | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 programming_and_scripting_for_cybersecurity/getting_started_code_review.md diff --git a/programming_and_scripting_for_cybersecurity/getting_started_code_review.md b/programming_and_scripting_for_cybersecurity/getting_started_code_review.md new file mode 100644 index 0000000..afa253d --- /dev/null +++ b/programming_and_scripting_for_cybersecurity/getting_started_code_review.md 
@@ -0,0 +1,39 @@ +# Getting Started to Perform Security Code Reviews +The following are several resources that will help you get started on how to perform code reviews to find security bugs/vulnerabilities. + +**TIP:** +- Don't feel that you have to learn everything at once. Start by learning a framework, basics of a programming language, etc. +- After you learn the first one, the others will be easier to learn. +- For web security, gaining an understanding on how modern web frameworks work is one of the most important things. +- Do it side-by-side. Learn how to code and doing code review. It might seem overwhelming at first but it becomes better after you start understanding the code. + + +## Resources for Learning Different Programming languages: + +- Learn Javascript: https://youtube.com/watch?v=PkZNo7MFNFg +- Learn PHP: https://youtube.com/watch?v=OK_JCtrrv-c +- Learn NodeJS: https://youtube.com/watch?v=RLtyhwFtXQA +- Learn Django: https://youtube.com/watch?v=F5mRW0jo-U4 +- Learn Ruby on Rails: https://youtube.com/watch?v=fmyvWz5TUWg + + +## Presentations and videos on code review: + +- https://youtube.com/watch?v=kpf3UkMc5Y4 +- https://youtube.com/watch?v=f6UOBCJ9pjw +- https://youtube.com/watch?v=fb-t3WWHsMQ +- https://youtube.com/watch?v=A8CNysN-lOM +- https://youtube.com/watch?v=rAwxFw25x3E +- https://youtube.com/watch?v=89rSpNBtVWE + + +## Vulnerable codes to play around with: + +- https://github.com/xuezzou/Vulnerable-nodejs +- https://github.com/cr0hn/vulnerable-node +- https://github.com/SasanLabs/VulnerableApp-php +- https://github.com/redpointsec/vtm +- https://github.com/TROUBLE-1/White-box-pentesting +- https://github.com/computer-engineer/WhiteboxPentest +- https://owasp.org/SecureCodingDojo/codereview101/ +- https://github.com/search?q=org%3AShiftLeftSecurity+vulnerable&type=all
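Review bot: The six entries under "Presentations and videos on code review" are bare YouTube URLs with no title, speaker or topic, so a reader cannot tell which talk covers what, and a dead link cannot be traced back to its source. Give each one a descriptive label in the form the language list already uses ("- Learn PHP: https://youtube.com/watch?v=OK_JCtrrv-c"). The last entry under "Vulnerable codes to play around with" is a GitHub search query (https://github.com/search?q=org%3AShiftLeftSecurity+vulnerable&type=all) rather than a repository, and its results will change over time; link the specific repositories instead. It would also help to state in that section that these applications are intentionally vulnerable and should only be run in an isolated lab environment. Wording: the title "Getting Started to Perform Security Code Reviews" reads better as "Getting Started with Security Code Reviews", "Learn how to code and doing code review" should be "Learn how to code and how to review code", and "Vulnerable codes" should be "Vulnerable code" or "Vulnerable applications".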