Learning Center

Security Code Review

Master vulnerability detection through interactive guides. Learn at your own pace with practical, code-focused lessons.

16 Available Now
36 Coming Soon
12h+ Content Available
8 Topic Categories

Cross-Site Scripting (XSS)

Beginner

Learn how to identify and prevent XSS vulnerabilities during code review

30 min
Start

SQL Injection

Intermediate

Learn to spot and prevent SQL injection vulnerabilities in your code

45 min
Start

Command Injection

Intermediate

Master the art of identifying command injection vulnerabilities

50 min
Start

NoSQL Injection

Intermediate

Identify injection flaws in MongoDB, Redis, and other NoSQL databases

40 min
Coming Soon

LDAP Injection

Advanced

Detect and prevent LDAP injection in enterprise authentication systems

35 min
Coming Soon

Server-Side Template Injection

Advanced

Identify SSTI vulnerabilities in Jinja2, Twig, Freemarker, and more

50 min
Coming Soon

HTTP Header Injection

Intermediate

Detect CRLF injection and HTTP response splitting attacks

30 min
Coming Soon

XPath Injection

Intermediate

Find and prevent XPath injection in XML-based applications

35 min
Coming Soon

Server-Side Request Forgery

Intermediate

Learn to identify and prevent SSRF vulnerabilities through code review

40 min
Start

Insecure File Upload

Intermediate

Learn to identify and prevent dangerous file upload vulnerabilities

60 min
Start

Path Traversal

Intermediate

Detect directory traversal and local file inclusion vulnerabilities

35 min
Start

XML External Entities (XXE)

Intermediate

Identify XXE vulnerabilities in XML parsers and document processing

45 min
Start

Insecure Deserialization

Advanced

Understand and prevent object deserialization attacks

55 min
Coming Soon

Business Logic Flaws

Intermediate

Identify logic vulnerabilities that bypass security controls

45 min
Coming Soon

HTTP Request Smuggling

Advanced

Detect CL.TE, TE.CL, and TE.TE request smuggling vulnerabilities

60 min
Coming Soon

JWT Security Vulnerabilities

Intermediate

Understanding and preventing JSON Web Token security issues

50 min
Start

Broken Authentication

Intermediate

Identify weak authentication patterns and session management flaws

45 min
Start

IDOR & Access Control

Intermediate

Detect insecure direct object references and authorization bypasses

40 min
Coming Soon

OAuth 2.0 Security

Advanced

Secure OAuth implementations and prevent common misconfigurations

55 min
Start

SAML Security

Advanced

Identify SAML assertion vulnerabilities and SSO misconfigurations

50 min
Coming Soon

Privilege Escalation

Intermediate

Detect vertical and horizontal privilege escalation vulnerabilities

40 min
Coming Soon

REST API Security

Intermediate

Secure your REST APIs from common vulnerabilities and misconfigurations

55 min
Start

GraphQL Security

Intermediate

Identify GraphQL-specific vulnerabilities and secure your schemas

50 min
Start

WebSocket Security

Intermediate

Secure real-time WebSocket communications and prevent hijacking

40 min
Coming Soon

Rate Limiting & DoS Prevention

Beginner

Implement proper rate limiting and prevent denial of service

35 min
Coming Soon

CORS Misconfiguration

Intermediate

Identify and fix Cross-Origin Resource Sharing security issues

30 min
Coming Soon

API Versioning Security

Beginner

Secure API versioning and prevent legacy endpoint exploitation

25 min
Coming Soon

gRPC Security

Advanced

Secure gRPC services and Protocol Buffer implementations

45 min
Coming Soon

Secrets Management & Leakage

Intermediate

Detecting and preventing sensitive data exposure in your codebase

45 min
Start

Sensitive Data Exposure

Intermediate

Identify PII leaks, improper logging, and data handling issues

40 min
Coming Soon

Cryptographic Failures

Advanced

Detect weak encryption, improper key management, and crypto misuse

50 min
Coming Soon

Secure Logging Practices

Beginner

Prevent log injection and sensitive data exposure in logs

30 min
Coming Soon

Data Masking & Anonymization

Intermediate

Implement proper data masking for PII and sensitive information

35 min
Coming Soon

Advanced XSS Patterns

Advanced

Deep dive into complex XSS scenarios and bypass techniques

60 min
Start

Clickjacking & UI Redressing

Beginner

Prevent frame-based UI attacks and implement proper defenses

25 min
Start

Prototype Pollution

Advanced

Master JavaScript prototype pollution and its security implications

45 min
Coming Soon

PostMessage Vulnerabilities

Intermediate

Secure cross-origin communication and prevent message hijacking

35 min
Coming Soon

CSP Bypass Techniques

Advanced

Understand Content Security Policy weaknesses and misconfigurations

40 min
Coming Soon

Browser Storage Security

Intermediate

Secure localStorage, sessionStorage, IndexedDB, and cookies

30 min
Coming Soon

DOM Manipulation Attacks

Intermediate

Prevent DOM clobbering, HTML injection, and DOM-based vulnerabilities

40 min
Coming Soon

Supply Chain Security

Advanced

Detect malicious dependencies and secure your build pipeline

55 min
Coming Soon

Subdomain Takeover

Intermediate

Detect dangling DNS records and prevent subdomain hijacking

30 min
Coming Soon

DNS Rebinding Attacks

Advanced

Understand and prevent DNS rebinding exploitation techniques

40 min
Start

SSL/TLS Misconfiguration

Intermediate

Identify weak ciphers, certificate issues, and TLS vulnerabilities

35 min
Coming Soon

Container Security

Intermediate

Secure Docker images, Kubernetes configs, and container runtimes

50 min
Coming Soon

Cloud Misconfiguration

Intermediate

Find S3 bucket exposures, IAM issues, and cloud security flaws

45 min
Coming Soon

CI/CD Pipeline Security

Intermediate

Secure GitHub Actions, Jenkins, and deployment workflows

40 min
Coming Soon

Race Conditions & TOCTOU

Advanced

Identify timing vulnerabilities and race condition exploits

50 min
Coming Soon

Web Cache Poisoning

Advanced

Identify cache key manipulation and cache deception attacks

50 min
Coming Soon

Second-Order Vulnerabilities

Advanced

Find stored payloads that trigger in different contexts

45 min
Coming Soon

Parser Differentials

Advanced

Exploit parsing inconsistencies between components

55 min
Coming Soon

Polyglot Payloads

Advanced

Craft payloads that work across multiple contexts

40 min
Coming Soon