How to Run a DIY Code Audit in an Afternoon
A practical afternoon walkthrough to audit your own codebase: secrets, dependencies, auth, queries, and code smells, with the commands to run at each stage.
11 min read →
Tutorials
Hands on walkthroughs you can follow start to finish, from the engineers who run the audit. 6 tutorials, newest first.
A practical afternoon walkthrough to audit your own codebase: secrets, dependencies, auth, queries, and code smells, with the commands to run at each stage.
11 min read →
Detect and fix N+1 database queries with query logging, EXPLAIN ANALYZE, and eager loading, before they melt your database under real traffic.
10 min read →
A hands-on checklist for auditing login, sessions, tokens, and access control, with real curl probes to test for the auth flaws attackers look for first.
10 min read →
Stop secrets before they enter git history. Configure the pre-commit framework with gitleaks, handle false positives, and add a CI backstop.
8 min read →
Audit your npm, Python, or polyglot project for vulnerable and abandoned dependencies using npm audit, pip-audit, and osv-scanner, step by step.
8 min read →
Step by step guide to finding API keys, tokens, and passwords hidden in your git history using gitleaks and trufflehog, then cleaning them up.
8 min read →