Where can I find vulnerable code snippets to practice vulnerability research skills?

Hi guys, I’m looking for vulnerable server-side code snippets in order to practice my vulnerability research skills.
Do you know where I can find a dump of such things?
Moreover, I would like a recommendation of CTFs on the topic of vulnerability research.
Thanks in advance :)

3 Likes

Well, I’m no exploit dev or whatever, but here is a list of awesome places I know:
https://overthewire.org/wargames/
https://exploit-exercises.lains.space/
https://pwnable.kr/

I advise you to start with exploit exercises, as they deal with vulnerable code snippets.

hope this helps!

5 Likes

I really encourage purchasing this book to support the authors, but you can peruse it here. Vulnerable snippets and solutions to bad practices.

http://index-of.es/Miscellanous/24-DEADLY-SINS-OF-SOFTWARE-SECURITY-2010.pdf

SEI CERT has coding standards with examples of vulnerable and remedied code. There are free books on C, C++, Android, Perl, and Java.

https://wiki.sei.cmu.edu/confluence/display/seccode/SEI+CERT+Coding+Standards

4 Likes

The first book is just wow

Not quite code, but rules for most languages when conducting source analysis.

https://rules.sonarsource.com/

Thanks guys, you’re the best!

Thank you for link to the 24 deadly sins. Incredible book. I just started reading it.

1 Like
