From 0a102824d5a8c6b53a4677b6fa6537afbb7bfd77 Mon Sep 17 00:00:00 2001
From: Omar Santos <santosomar@gmail.com>
Date: Tue, 19 Jul 2022 13:15:40 -0400
Subject: [PATCH] Source Code Review Resources

WIP
---
 .../getting_started_code_review.md            | 39 +++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 programming_and_scripting_for_cybersecurity/getting_started_code_review.md

diff --git a/programming_and_scripting_for_cybersecurity/getting_started_code_review.md b/programming_and_scripting_for_cybersecurity/getting_started_code_review.md
new file mode 100644
index 0000000..afa253d
--- /dev/null
+++ b/programming_and_scripting_for_cybersecurity/getting_started_code_review.md
@@ -0,0 +1,39 @@
+# Getting Started to Perform Security Code Reviews
+The following are several resources that will help you get started on how to perform code reviews to find security bugs/vulnerabilities.
+
+**TIP:** 
+- Don't feel that you have to learn everything at once. Start by learning a framework, basics of a programming language, etc. 
+- After you learn the first one, the others will be easier to learn. 
+- For web security, gaining an understanding on how modern web frameworks work is one of the most important things. 
+- Do it side-by-side. Learn how to code and doing code review. It might seem overwhelming at first but it becomes better after you start understanding the code.
+
+
+## Resources for Learning Different Programming languages:
+
+- Learn Javascript: https://youtube.com/watch?v=PkZNo7MFNFg
+- Learn PHP: https://youtube.com/watch?v=OK_JCtrrv-c
+- Learn NodeJS: https://youtube.com/watch?v=RLtyhwFtXQA
+- Learn Django: https://youtube.com/watch?v=F5mRW0jo-U4
+- Learn Ruby on Rails: https://youtube.com/watch?v=fmyvWz5TUWg
+
+
+## Presentations and videos on code review:
+
+- https://youtube.com/watch?v=kpf3UkMc5Y4
+- https://youtube.com/watch?v=f6UOBCJ9pjw
+- https://youtube.com/watch?v=fb-t3WWHsMQ
+- https://youtube.com/watch?v=A8CNysN-lOM
+- https://youtube.com/watch?v=rAwxFw25x3E
+- https://youtube.com/watch?v=89rSpNBtVWE
+
+
+## Vulnerable codes to play around with:
+
+- https://github.com/xuezzou/Vulnerable-nodejs
+- https://github.com/cr0hn/vulnerable-node
+- https://github.com/SasanLabs/VulnerableApp-php
+- https://github.com/redpointsec/vtm
+- https://github.com/TROUBLE-1/White-box-pentesting
+- https://github.com/computer-engineer/WhiteboxPentest
+- https://owasp.org/SecureCodingDojo/codereview101/
+- https://github.com/search?q=org%3AShiftLeftSecurity+vulnerable&type=all