Every dev considers his application "safe" until he gets proven wrong.
Look at the OWASP Top 10 and tell me what you can check off as "done" in your current project state:
- Broken Access Control
- Cryptographic Failures
- Injection
- Insecure Design
- Security Misconfiguration
- Vulnerable and Outdated Components
- Identification and Authentication Failures
- Software and Data Integrity Failures
- Security Logging and Monitoring Failures
- Server-Side Request Forgery
If you want to test your "secure coding skills", there's currently a tournament about exactly that:
https://community.cloudogu.com/t/secure-coding-tournament-how-to-take-part/189
SCW automatically reviews the code you write against the vulnerabilities listed above, rates your overall score, and shows where and how you can improve your skills.
Languages:
- Kubernetes
- Java
- C# / MVC
- JavaScript / React
- Go
- PHP
- Python