Resources for source code review for beginners


1- Start by learning a backend programming language such as PHP, Python, or .NET.

2- Create 5 or 10 applications such as a search page, login page, registration page, file upload page, etc.

3- Then learn the OWASP Top 10. When you learn a vulnerability class such as XSS (Cross-Site Scripting) and have finished it, go to your search page and try to exploit it, then look at your page's source code to see why the code is vulnerable to Reflected XSS (RXSS).

4- Then visit the DVWA (Damn Vulnerable Web Application) repository on GitHub and analyze the source code for RXSS. Look at all levels of difficulty (low, medium, high).

DVWA link: https://github.com/digininja/DVWA/tree/master/vulnerabilities

5- "Omar, why should I look at all the levels?!"
Because when you look at all the levels, you understand why each bypass happens and which mistakes lead to vulnerabilities.

6- Now learn about mitigation techniques for the identified vulnerabilities. Visit the following link for guidance: https://rules.sonarsource.com/. Select the programming language and vulnerability you want to learn about.

7- Return to the DVWA "impossible" level and apply the mitigation techniques to enhance the security of your search page's code.

8- Return to your own code and apply the mitigations to it.

$$$ Remember: repeat this process for every vulnerability class you learn from OWASP $$$

9- Then go to PentesterLab, where there are many labs for source code review. Choose a programming language you are familiar with, such as PHP or Python, to learn more.

10- Once you have completed the above steps, practice your skills by visiting the following link: https://owasp.org/SecureCodingDojo/codereview101/.
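The review loop from steps 3 to 8, sketched in Python for a search page. This is an added example, not code from the original post or from DVWA; the `render_*` functions, the `review` helper and the probe strings are hypothetical and constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed probe inputs a reviewer feeds to the search parameter.
PROBES = [
    "<script>alert(1)</script>",
    "<ScRiPt>alert(1)</ScRiPt>",
    "<img src=x onerror=alert(1)>",
]

def render_low(query: str) -> str:
    """No filtering: user input is concatenated straight into the HTML."""
    return f"<p>Results for: {query}</p>"

def render_medium(query: str) -> str:
    """Blacklist: removes one exact, case-sensitive string and nothing else."""
    return f"<p>Results for: {query.replace('<script>', '')}</p>"

def render_fixed(query: str) -> str:
    """Output encoding: <, >, & and quotes become HTML entities."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"

class TagCollector(HTMLParser):
    """Records every start tag a browser-like parser would see."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def injected_tags(render, probe: str) -> list[str]:
    """Tags present in the page beyond the template's own leading <p>."""
    collector = TagCollector()
    collector.feed(render(probe))
    collector.close()
    return collector.tags[1:]

def review(render) -> list[str]:
    """Return the probes whose markup survives into the rendered page."""
    return [p for p in PROBES if injected_tags(render, p)]

if __name__ == "__main__":
    for fn in (render_low, render_medium, render_fixed):
        print(fn.__name__, "->", review(fn))
```

Reading the three versions side by side shows what step 5 is after: the blacklist only handles the one spelling its author thought of, while encoding at output time does not depend on guessing the input.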

If you need more resources after completing these steps, you can refer to the following LinkedIn post: https://www.linkedin.com/posts/gabriellebotbol_cybersecurity-cybersaezcuritaez-pentest-activity-7085211260232814592-5d5p?utm_source=share&utm_medium=member_android
#source_code_challenges

If I have done well, it is from God; and if I have erred, it is from myself or from Satan.
