magnologan/appsec-challenges

Secure Code Review Challenges

This repo contains the code for my Secure Code Review challenges.

Challenges

Those marked with 🔴🎬 have a YouTube walkthrough available (you can find the link in the ./solution.md in the challenge folder).

  1. Open Redirect 🔴🎬
  2. Server-side Request Forgery 🔴🎬
  3. Weak Password Hashing
  4. Hardcoded Credentials
  5. XML External Entity Attack 🔴🎬
  6. Cross-site Scripting
  7. Host Header Injection 🔴🎬
  8. Nginx Off-By-Slash
  9. Broken Access Control (IDOR) 🔴🎬
  10. Broken Access Control (JWT missing verification)
  11. Path Normalization Bypass
  12. Unquoted Bash Variables
  13. SQL Injection
  14. Race Condition
  15. HTTP Response Splitting
  16. RCE via File Upload
  17. OS Command Injection
  18. Insecure Deserialization
  19. Server-side Template Injection
  20. Local File Inclusion (Path Traversal)
  21. CORS Misconfiguration (Reflected Origin header)
  22. Eval Injection
  23. Unsafe Reflection
  24. XSLT Injection
  25. NoSQL Injection
  26. ...
  27. ...
  28. ...
  29. ...

Languages

  • Java 27.2%
  • JavaScript 24.3%
  • Python 15.8%
  • Go 13.3%
  • Dockerfile 11.0%
  • HTML 3.6%
  • Other 4.8%