softwaresecured/secure-code-review-checklist external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

softwaresecured/secure-code-review-checklist

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/softwaresecured/secure-code-review-checklist)

Close

softwaresecured / secure-code-review-checklistView on GitHubMore

• External links
• Readme badge

A starter secure code review checklist

☆184Nov 26, 2018Updated 7 years ago

Alternatives and similar repositories for secure-code-review-checklist

Users that are interested in secure-code-review-checklist are comparing it to the libraries listed below

• mgreiler / secure-code-review-checklist

  View on GitHub
  ☆196Feb 26, 2023Updated 3 years ago
• d3lb3 / security-code-review

  View on GitHub
  My personal collection of resources (mostly tools and training materials) for source code security audits.
  ☆106Aug 20, 2024Updated last year
• claire-lex / megagrep

  View on GitHub
  Megagrep helps beginning a code review by searching for keywords in the code using "grep". It does not search for vulnerabilities directl…
  ☆15Aug 8, 2022Updated 3 years ago
• va1da5 / manual-source-code-review

  View on GitHub
  Regex patterns for manual application source code review
  ☆33Dec 14, 2020Updated 5 years ago
• alyrezo / FindBBP

  View on GitHub
  Bug Bounty Program Discovery tool, that discovers bug Bounty Program via security.txt file by default and you can use custom dork
  ☆16Jul 17, 2022Updated 3 years ago
• rootxharsh / workshoplabs

  View on GitHub
  Labs from our workshop "Demystifying the server-side".
  ☆17May 30, 2022Updated 3 years ago
• apapedulimu / Learn-Source-Code-Review

  View on GitHub
  Learning source code review, spot vulnerability, find some ways how to fix it.
  ☆30Nov 17, 2022Updated 3 years ago
• vmnguyen / Code-Crawler

  View on GitHub
  Automatic tool using for crawling code to find low-hang fruit vulnerabilities - Based on OWASP Secure Code Review Guide
  ☆21Aug 31, 2020Updated 5 years ago
• boku7 / gsCMS-CustomJS-Csrf2Xss2Rce

  View on GitHub
  GetSimple CMS Custom JS Plugin Exploit RCE Chain
  ☆11Mar 8, 2023Updated 2 years ago
• 0xRadi / OWASP-Web-Checklist

  View on GitHub
  OWASP Web Application Security Testing Checklist
  ☆2,101Aug 18, 2022Updated 3 years ago
• shabarkin / CodeAllTheThings

  View on GitHub
  A list of threat sinks used in the manual security source code review for application security
  ☆76May 9, 2023Updated 2 years ago
• wetw0rk / AWAE-PREP

  View on GitHub
  This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with t…
  ☆930Jan 6, 2025Updated last year
• sepehrdaddev / zap-scripts

  View on GitHub
  Zed Attack Proxy Scripts for finding CVEs and Secrets.
  ☆128Jun 2, 2022Updated 3 years ago
• dustyfresh / PHP-vulnerability-audit-cheatsheet

  View on GitHub
  This will assist you in the finding of potentially vulnerable PHP code. Each type of grep command is categorized in the type of vulnerabi…
  ☆362Mar 6, 2025Updated 11 months ago
• deFr0ggy / PMAT-Labs-Walkthroughs

  View on GitHub
  Repo containing my personal walkthroughs of PMAT Labs i.e. PMAT Malware Samples.
  ☆43Mar 23, 2022Updated 3 years ago
• hakluke / ----svg-onload-alert---

  View on GitHub
  jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()…
  ☆11Apr 9, 2021Updated 4 years ago
• themarkib / google-acquisitions

  View on GitHub
  Most of the Google Acquisitions for Bug Bounty Hunter.
  ☆64Sep 3, 2022Updated 3 years ago
• kajalNair / OSWE-Prep

  View on GitHub
  An OSWE Guide
  ☆124Feb 18, 2021Updated 5 years ago
• timip / OSWE

  View on GitHub
  OSWE Preparation
  ☆665Jul 25, 2022Updated 3 years ago
• OWASP / SecureCodingDojo

  View on GitHub
  The Secure Coding Dojo is a platform for delivering secure coding knowledge.
  ☆594Nov 23, 2025Updated 3 months ago
• D3n0Duz / WebPentestChecklist

  View on GitHub
  Workflow for pentesting web applications.
  ☆21Feb 19, 2019Updated 7 years ago
• riramar / h2rs

  View on GitHub
  Detects request smuggling via HTTP/2 downgrades.
  ☆94Jul 30, 2022Updated 3 years ago
• bp0lr / myGF_patterns

  View on GitHub
  ☆21Dec 15, 2020Updated 5 years ago
• assetnote / blind-ssrf-chains

  View on GitHub
  An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
  ☆952Dec 31, 2021Updated 4 years ago
• arpeetrathii / 50-Days-Of-SQLi

  View on GitHub
  Learning and hunting SQL injection bugs for 50 continuous days
  ☆75Aug 19, 2022Updated 3 years ago
• 0xAgun / All1

  View on GitHub
  Automated Recon Tool Installer
  ☆15Jun 29, 2022Updated 3 years ago
• pageinsec / portswigger_academy

  View on GitHub
  Scripts and misc. stuff related to the PortSwigger Web Academy
  ☆17Feb 6, 2022Updated 4 years ago
• appsecco / defcon-26-workshop-attacking-and-auditing-docker-containers

  View on GitHub
  DEF CON 26 Workshop - Attacking & Auditing Docker Containers Using Open Source
  ☆109Nov 18, 2019Updated 6 years ago
• iamsarvagyaa / AndroidSecNotes

  View on GitHub
  An actively maintained, Self curated notes related to android application security for security professionals, bugbounty hunters, pentes…
  ☆225Aug 26, 2021Updated 4 years ago
• security-prince / Application-Security-Engineer-Interview-Questions

  View on GitHub
  Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exh…
  ☆677Aug 7, 2020Updated 5 years ago
• tprynn / web-methodology

  View on GitHub
  Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
  ☆211Oct 31, 2024Updated last year
• chrislockard / api_wordlist

  View on GitHub
  A wordlist of API names for web application assessments
  ☆866Jun 17, 2025Updated 8 months ago
• ghsec / BurpBountyProfile

  View on GitHub
  BurpSiute - BurpBounty Profiles
  ☆20Feb 10, 2023Updated 3 years ago
• computer-engineer / WhiteboxPentest

  View on GitHub
  Whitebox source code review cheatsheet (Based on AWAE syllabus)
  ☆168Feb 16, 2022Updated 4 years ago
• jpiechowka / jenkins-cve-2016-0792

  View on GitHub
  Exploit for Jenkins serialization vulnerability - CVE-2016-0792
  ☆49Aug 2, 2017Updated 8 years ago
• devanshbatham / heaptruffle

  View on GitHub
  Mine URLs from Browser's Heap Snapshot for fun and profit
  ☆64Aug 9, 2023Updated 2 years ago
• wireghoul / graudit

  View on GitHub
  grep rough audit - source code auditing tool
  ☆1,679Dec 19, 2025Updated 2 months ago
• hmaverickadams / External-Pentest-Checklist

  View on GitHub
  ☆433Feb 2, 2022Updated 4 years ago
• anontuttuvenus / OSCP-Resources-Google-Chrome-Bookmark

  View on GitHub
  This small repo contain OSCP public resources. You can download this on your Google Chrome with the following steps.
  ☆19Dec 31, 2020Updated 5 years ago