Tutorials

Code Audit Tutorials

Hands on walkthroughs you can follow start to finish, from the engineers who run the audit. 6 tutorials, newest first.

Intermediate 3 hours

How to Run a DIY Code Audit in an Afternoon

A practical afternoon walkthrough to audit your own codebase: secrets, dependencies, auth, queries, and code smells, with the commands to run at each stage.

11 min read →

Advanced 1 hour

How to Find N+1 Queries Before They Bite

Detect and fix N+1 database queries with query logging, EXPLAIN ANALYZE, and eager loading, before they melt your database under real traffic.

10 min read →

Intermediate 1 hour

How to Audit Authentication in Your App

A hands-on checklist for auditing login, sessions, tokens, and access control, with real curl probes to test for the auth flaws attackers look for first.

10 min read →

Intermediate 40 minutes

How to Set Up Pre-Commit Secret Scanning

Stop secrets before they enter git history. Configure the pre-commit framework with gitleaks, handle false positives, and add a CI backstop.

8 min read →

Beginner 45 minutes

How to Run a Dependency Audit

Audit your npm, Python, or polyglot project for vulnerable and abandoned dependencies using npm audit, pip-audit, and osv-scanner, step by step.

8 min read →

Beginner 30 minutes

How to Scan Your Repo for Exposed Secrets

Step by step guide to finding API keys, tokens, and passwords hidden in your git history using gitleaks and trufflehog, then cleaning them up.

8 min read →