week 25 · 2026 · weekly challenge live now

Code review is a skill.
Practice it.

Build the instinct that catches vulnerabilities in review. Hands-on challenges in real production code.

Start today's challenge↵Browse all 210 →

210challenges

70learning articles

10+languages

weekly

+150 pts

mediumgoSSRF (Server-Side Request Forgery)

Hotel Rate Check

Review the backend code for TripNest, an online travel booking platform that allows users to compare hotel rates from various sources. Users can submit URLs of hotel booking pages, and the system scrapes pricing data for comparison. The engineering team recently optimized the scraping service for faster response times. Examine how external URL requests are processed to ensure the platform handles user input securely.

1package scraper

3import (

4 "io"

5 "net/http"

6 "time"

Open challenge↵

01how it works

Read the brief

A short scope statement: what the service does, what you're looking for, and any context that matters.

Review the code

Real world snippets - interfaces, handlers, services, scripts. Skim, then audit. The defect is on a single line.

Click the line

No multiple choice. You point at the bug. Right or wrong, you get an annotated explanation.

02this week's set

view all →

03by class

Web Security

XSS, CSRF, SSRF, open redirects, auth flaws.

explore →

Injection

SQL, command, LDAP, NoSQL, template injection.

explore →

Authentication

Tokens, password storage, session fixation, MFA.

explore →

Web3

Reentrancy, integer overflow, access control.

explore →

Mobile

iOS / Android secure storage, deep links, IPC.

explore →

API

REST, GraphQL, gRPC — auth and rate limiting.

explore →

“We dropped Code Review Lab into our security training rotation. Two weeks later our engineers were catching things in PR review we'd historically missed.”

L. Ivanova

App Sec Lead · Series-C fintech

Ready when you are.

Today's challenge takes about 15 minutes.

Start daily challenge ↵See pricing

loading…