# Getting Started to Perform Security Code Reviews
The following are several resources that will help you get started on how to perform code reviews to find security bugs/vulnerabilities.

**TIP:** 
- Don't feel that you have to learn everything at once. Start by learning a framework, basics of a programming language, etc. 
- After you learn the first one, the others will be easier to learn. 
- For web security, gaining an understanding on how modern web frameworks work is one of the most important things. 
- Do it side-by-side. Learn how to code and doing code review. It might seem overwhelming at first but it becomes better after you start understanding the code.


## Resources for Learning Different Programming languages:

- Learn Javascript: https://youtube.com/watch?v=PkZNo7MFNFg
- Learn PHP: https://youtube.com/watch?v=OK_JCtrrv-c
- Learn NodeJS: https://youtube.com/watch?v=RLtyhwFtXQA
- Learn Django: https://youtube.com/watch?v=F5mRW0jo-U4
- Learn Ruby on Rails: https://youtube.com/watch?v=fmyvWz5TUWg


## Presentations and videos on code review:

- https://youtube.com/watch?v=kpf3UkMc5Y4
- https://youtube.com/watch?v=f6UOBCJ9pjw
- https://youtube.com/watch?v=fb-t3WWHsMQ
- https://youtube.com/watch?v=A8CNysN-lOM
- https://youtube.com/watch?v=rAwxFw25x3E
- https://youtube.com/watch?v=89rSpNBtVWE


## Vulnerable codes to play around with:

- https://github.com/xuezzou/Vulnerable-nodejs
- https://github.com/cr0hn/vulnerable-node
- https://github.com/SasanLabs/VulnerableApp-php
- https://github.com/redpointsec/vtm
- https://github.com/TROUBLE-1/White-box-pentesting
- https://github.com/computer-engineer/WhiteboxPentest
- https://owasp.org/SecureCodingDojo/codereview101/
- https://github.com/search?q=org%3AShiftLeftSecurity+vulnerable&type=all