This document contains required and optional reading materials for software engineers at Sourcegraph.
We have published internal secure coding guidelines, which include examples of how to prevent certain vulnerabilities. Reading the guidelines is mandatory for software engineers.
After having read the guidelines, please complete the Continue item ‘Secure Coding - Assessment’.
Snyk has published free security lessons. These lessons help you get familiar with certain vulnerabilities and bug classes.
- Snyk security lessons:
  - Container does not drop all default capabilities
  - Container is running in privileged mode
  - Open redirect
  - Cross-site scripting
  - SQL injection
  - Directory traversal
The Open Web Application Security Project has published a book about security practices for Go. It includes source code samples and is available as markdown or PDF: OWASP Go-SCP.
Recommended reading materials for React:
- Snyk - Top 10 React security best practices: https://snyk.io/blog/10-react-security-best-practices/