softwaresecured/secure-code-review-checklist external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

softwaresecured/secure-code-review-checklist

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/softwaresecured/secure-code-review-checklist)

Close

softwaresecured / secure-code-review-checklistView on GitHubMore

• External links
• Readme badge

A starter secure code review checklist

☆184Nov 26, 2018Updated 7 years ago

Alternatives and similar repositories for secure-code-review-checklist

Users that are interested in secure-code-review-checklist are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• mgreiler / secure-code-review-checklist

  View on GitHub
  ☆195Feb 26, 2023Updated 3 years ago
• d3lb3 / security-code-review

  View on GitHub
  My personal collection of resources (mostly tools and training materials) for source code security audits.
  ☆107Aug 20, 2024Updated last year
• va1da5 / manual-source-code-review

  View on GitHub
  Regex patterns for manual application source code review
  ☆33Dec 14, 2020Updated 5 years ago
• claire-lex / megagrep

  View on GitHub
  Megagrep helps beginning a code review by searching for keywords in the code using "grep". It does not search for vulnerabilities directl…
  ☆14Aug 8, 2022Updated 3 years ago
• vmnguyen / Code-Crawler

  View on GitHub
  Automatic tool using for crawling code to find low-hang fruit vulnerabilities - Based on OWASP Secure Code Review Guide
  ☆21Aug 31, 2020Updated 5 years ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• 0xRadi / OWASP-Web-Checklist

  View on GitHub
  OWASP Web Application Security Testing Checklist
  ☆2,135Aug 18, 2022Updated 3 years ago
• boku7 / gsCMS-CustomJS-Csrf2Xss2Rce

  View on GitHub
  GetSimple CMS Custom JS Plugin Exploit RCE Chain
  ☆11Mar 8, 2023Updated 3 years ago
• rootxharsh / workshoplabs

  View on GitHub
  Labs from our workshop "Demystifying the server-side".
  ☆17May 30, 2022Updated 3 years ago
• dustyfresh / PHP-vulnerability-audit-cheatsheet

  View on GitHub
  This will assist you in the finding of potentially vulnerable PHP code. Each type of grep command is categorized in the type of vulnerabi…
  ☆363Mar 6, 2025Updated last year
• zerbaliy3v / custom-nuclei-templates

  View on GitHub
  my nuclei templates #new
  ☆10Jun 24, 2024Updated last year
• bdcorps / one-time-payments-html-landing-page

  View on GitHub
  ☆16Apr 21, 2021Updated 5 years ago
• t00sh / perl-capstone

  View on GitHub
  Perl wrapper for the capstone library
  ☆14Mar 7, 2017Updated 9 years ago
• wetw0rk / AWAE-PREP

  View on GitHub
  This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with t…
  ☆941Jan 6, 2025Updated last year
• h0rv4th / c2matrix-analyzer

  View on GitHub
  Basic c2-matrix analysis enviroment using Suricata + Wazuh + Elastic stack
  ☆13Apr 18, 2020Updated 6 years ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• timip / OSWE

  View on GitHub
  OSWE Preparation
  ☆673Jul 25, 2022Updated 3 years ago
• sepehrdaddev / zap-scripts

  View on GitHub
  Zed Attack Proxy Scripts for finding CVEs and Secrets.
  ☆127Jun 2, 2022Updated 3 years ago
• security-prince / Application-Security-Engineer-Interview-Questions

  View on GitHub
  Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exh…
  ☆683Aug 7, 2020Updated 5 years ago
• OWASP / SecureCodingDojo

  View on GitHub
  The Secure Coding Dojo is a platform for delivering secure coding knowledge.
  ☆601Nov 23, 2025Updated 5 months ago
• iamsarvagyaa / AndroidSecNotes

  View on GitHub
  An actively maintained, Self curated notes related to android application security for security professionals, bugbounty hunters, pentes…
  ☆226Aug 26, 2021Updated 4 years ago
• apapedulimu / Learn-Source-Code-Review

  View on GitHub
  Learning source code review, spot vulnerability, find some ways how to fix it.
  ☆30Nov 17, 2022Updated 3 years ago
• deFr0ggy / PMAT-Labs-Walkthroughs

  View on GitHub
  Repo containing my personal walkthroughs of PMAT Labs i.e. PMAT Malware Samples.
  ☆44Mar 23, 2022Updated 4 years ago
• alyrezo / FindBBP

  View on GitHub
  Bug Bounty Program Discovery tool, that discovers bug Bounty Program via security.txt file by default and you can use custom dork
  ☆16Jul 17, 2022Updated 3 years ago
• kajalNair / OSWE-Prep

  View on GitHub
  An OSWE Guide
  ☆125Feb 18, 2021Updated 5 years ago
• Serverless GPU API endpoints on Runpod - Get Bonus Credits • Ad
  Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
• ghsec / BurpBountyProfile

  View on GitHub
  BurpSiute - BurpBounty Profiles
  ☆20Feb 10, 2023Updated 3 years ago
• wireghoul / graudit

  View on GitHub
  grep rough audit - source code auditing tool
  ☆1,685Dec 19, 2025Updated 5 months ago
• hakluke / ----svg-onload-alert---

  View on GitHub
  jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()…
  ☆11Apr 9, 2021Updated 5 years ago
• shabarkin / CodeAllTheThings

  View on GitHub
  A list of threat sinks used in the manual security source code review for application security
  ☆76May 9, 2023Updated 3 years ago
• bp0lr / myGF_patterns

  View on GitHub
  ☆21Dec 15, 2020Updated 5 years ago
• themarkib / google-acquisitions

  View on GitHub
  Most of the Google Acquisitions for Bug Bounty Hunter.
  ☆66Sep 3, 2022Updated 3 years ago
• Dheerajmadhukar / notes

  View on GitHub
  Bug Bounty & Other Stuff
  ☆59Dec 16, 2021Updated 4 years ago
• purabparihar / Infrastructure-Pentesting-Checklist

  View on GitHub
  ☆139Jul 9, 2021Updated 4 years ago
• tprynn / web-methodology

  View on GitHub
  Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki
  ☆213Oct 31, 2024Updated last year
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• payatu / resources

  View on GitHub
  Collection of all the resources published by Payatu.
  ☆11May 14, 2026Updated last week
• stypr / vulnerable-nodejs-express-mysql

  View on GitHub
  Example of a vulnerable NodeJS+Express+MySQL service
  ☆20Jan 17, 2023Updated 3 years ago
• Roni-Carta / onhandlers

  View on GitHub
  ☆12Feb 18, 2022Updated 4 years ago
• hmaverickadams / External-Pentest-Checklist

  View on GitHub
  ☆431Feb 2, 2022Updated 4 years ago
• surya-dev-singh / AmsiBypass-OpenSession

  View on GitHub
  This code bypass AMSI by setting JE instruction to JNE in assembly of amsi.dll file
  ☆37Mar 10, 2023Updated 3 years ago
• appsecco / defcon-26-workshop-attacking-and-auditing-docker-containers

  View on GitHub
  DEF CON 26 Workshop - Attacking & Auditing Docker Containers Using Open Source
  ☆108Nov 18, 2019Updated 6 years ago
• riramar / h2rs

  View on GitHub
  Detects request smuggling via HTTP/2 downgrades.
  ☆94Jul 30, 2022Updated 3 years ago