PS Product Security Knowledge Base

🧪 Secure Coding Review Labs and Language-Specific Checklists

Intro: The KB already includes vulnerable-versus-safer code examples by language. This pack turns those examples into something more useful for training and review operations: guided labs, facilitator prompts, and language-specific checklists that engineering managers, security champions, and reviewers can use repeatedly.

What this pack includes

  • a facilitator guide for running short secure-coding review labs;
  • language-specific review checklists;
  • a scenario pack that converts the snippet pages into exercises;
  • cross-links to the existing vulnerable/safer example pages by language.

Start here

| Page | Why use it |
| --- | --- |
| Secure Coding Review Labs — Facilitator Guide | Run 20–60 minute review sessions that feel like real engineering work instead of compliance theatre. |
| Language-Specific Secure Coding Review Checklists | Use stack-aware review questions for PRs, design reviews, and onboarding. |
| Secure Coding Review Lab Scenarios by Language | Turn the vulnerable/safer examples into practical exercises with expected outcomes. |

Existing example pages this pack builds on

| Language | Example page |
| --- | --- |
| PHP | PHP Vulnerability Examples and Fixes |
| Python | Python Vulnerability Examples and Fixes |
| Go | Go Vulnerability Examples and Fixes |
| Java | Java Vulnerability Examples and Fixes |
| JavaScript | JavaScript Vulnerability Examples and Fixes |
| TypeScript | TypeScript Vulnerability Examples and Fixes |
| SQL | SQL Vulnerability Examples and Fixes |

Best use cases

  • developer onboarding;
  • security champion sessions;
  • post-incident learning loops;
  • architecture review warm-ups;
  • PR reviewer calibration;
  • interview or assessment packs for engineering security literacy.

Delivery rule for this pack

This pack is designed to be:

  • small enough to run in normal engineering cadence;
  • realistic enough to improve review behavior;
  • repeatable enough to become a program habit.

Use with


Author attribution: Ivan Piskunov, 2026 - Educational and defensive-engineering use.