
A teaching repository showcasing common security vulnerabilities (CVEs) and their mitigations. Features real-world examples from TypeScript, Python, Java, etc., with CWE/OWASP mappings. All code is intentionally inert for safe learning.

vBarbaros/security-faux-pas

security-faux-pas — intentionally inert vulnerable examples (educational)

READ THIS FIRST — DO NOT RUN ANY CODE IN THIS REPOSITORY.

security-faux-pas is a teaching collection of intentionally vulnerable code snippets
stored in non-runnable formats (for example, .example files or fenced code blocks).

Its goal is to help developers recognize insecure coding patterns and learn proper mitigations —
not to provide runnable exploits or proof-of-concept scripts.


🎯 Purpose

  • Highlight common security mistakes (“faux pas”) across multiple programming languages.
  • Provide secure fixes alongside each vulnerable example.
  • Map examples to CWE and OWASP Top 10 categories.
  • Keep all examples safe, inert, and educational.

📂 Repository structure

security-faux-pas/
├─ README.md
├─ DISCLAIMER.md
├─ CONTRIBUTING.md
├─ vulnerabilities/
│  ├─ typescript/
│  │  ├─ CVE-2024-31621-auth-bypass.vuln.example
│  │  ├─ CVE-2024-31621-auth-bypass.fix.example
│  │  └─ README.md
│  ├─ c/
│  ├─ java/
│  ├─ python/
│  ├─ node/
│  ├─ php/
│  ├─ ruby/
│  ├─ go/
│  └─ rust/
├─ docs/
│  ├─ howto_read.md
│  └─ mapping.md
└─ .github/
   └─ workflows/
      └─ enforce-nonrunnable.yml

⚖️ Rules of use

  1. Do not execute any example. 🚫
    All .vuln.example and .fix.example files are deliberately incomplete or contain placeholders.
  2. For learning only. 📚 Study patterns, discuss mitigations, compare insecure vs secure.
  3. Contributors must follow safety policies. See CONTRIBUTING.md. CI enforces:
    • INERT — DO NOT RUN header present,
    • no executable bits / shebangs,
    • no runnable main entrypoints.
  4. No exploits/payloads. ❌ PRs adding them will be rejected.
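The three CI checks listed in rule 3 (inert header present, no shebang or executable bit, no runnable main entrypoint) written out as a stand-alone audit script. This is an added example, not the repository's own enforce-nonrunnable.yml workflow; the header string is the literal quoted in rule 3, while the five-line header window, the entrypoint regexes and the sample file contents are assumptions constructed here.

```python
import re
import stat
from pathlib import Path

# Header every example must carry (the literal quoted in rule 3 above).
INERT_HEADER = "INERT — DO NOT RUN"
HEADER_WINDOW = 5  # assumed: the header must appear within the first 5 lines

# Assumed heuristics for "runnable main entrypoints" in the repo's languages;
# the real workflow may use different patterns.
MAIN_PATTERNS = [
    ("python", re.compile(r"if\s+__name__\s*==\s*['\"]__main__['\"]")),
    ("go", re.compile(r"\bfunc\s+main\s*\(")),
    ("rust", re.compile(r"\bfn\s+main\s*\(")),
    ("c", re.compile(r"\bint\s+main\s*\(")),
    ("java", re.compile(r"public\s+static\s+void\s+main\s*\(")),
]

def audit_example_text(text: str, executable: bool = False) -> list[str]:
    """Return every policy violation found in one example file's contents."""
    violations = []
    if not any(INERT_HEADER in line for line in text.splitlines()[:HEADER_WINDOW]):
        violations.append("missing inert header")
    if text.startswith("#!"):
        violations.append("shebang present")
    if executable:
        violations.append("executable bit set")
    for lang, pattern in MAIN_PATTERNS:
        if pattern.search(text):
            violations.append(f"runnable entrypoint ({lang})")
    return violations

def audit_example_file(path: Path) -> list[str]:
    """Audit one file on disk, including its executable mode bits."""
    executable = bool(path.stat().st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    return audit_example_text(path.read_text(encoding="utf-8"), executable)

def audit_tree(root: Path) -> dict[str, list[str]]:
    """Map each offending .example path under root to its list of violations."""
    findings = {}
    for path in sorted(root.rglob("*.example")):
        problems = audit_example_file(path)
        if problems:
            findings[str(path.relative_to(root))] = problems
    return findings

# Constructed sample contents (not files from the repository) for a self-check.
GOOD_SAMPLE = "// INERT — DO NOT RUN\n// constructed placeholder\nconst x = 1;\n"
BAD_SAMPLE = "#!/usr/bin/env python3\ndef main():\n    pass\nif __name__ == '__main__':\n    main()\n"
```

In a CI job, call audit_tree(Path("vulnerabilities")) and fail the run whenever the returned dict is non-empty.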

📖 How to use

🔬 Need runnable labs?

Create a private, isolated training environment under supervision.
This public repo is intentionally inert.

— The security-faux-pas Team



Created by Victor Barbarosh - 🔐 Security by Design Specialist & 💻 Senior Full Stack Developer @ Ericsson | Creator of security-faux-pas repo | 🎓 M.Sc. Computer Science (AI/RL) @ McGill

LinkedIn

Follow for more security insights and educational content!


© 2025 Victor Barbarosh. Licensed under the MIT License.
