Code Review Lab — practice secure code review
Code review is a skill.
Practice it.
Build the instinct that catches vulnerabilities in review.
Hands-on challenges in real production code.
PaperTrail is a collaborative documents app where users create short 'share' links to send docs to teammates. After a link is created, the server bounces the visitor to the right document and drops a small tracking cookie so analytics can attribute the visit. The redirect target and the tracking value both come from the request. Review the share-link flow and decide whether the way these values reach the HTTP response is safe.
“We dropped Code Review Lab into our security training rotation. Two weeks later our engineers were catching things in PR review we'd historically missed.”