Blogs, Tools and other available resources for source code review.

Blogs

• SSRF to RCE with Jolokia and MBeans
• Anatomy of an Exploit: RCE with CVE-2020-1350 SIGRed
• Reproducing the Microsoft Exchange Proxylogon Exploit Chain
• Java-Deserialization-Cheat-Sheet
• EXIF RCE
• Argument injection in dragonfly gem
• Pre-Auth RCE in ForgeRock
• WOO-Commerce SQLI
• Deserialization on Rails
• Confluence OGNL RCE - CVE-2021-26084
• Personal Blog

Tools

• Open Source Bug Bounty
• SeeBug
• VulnCode-DB
• Java Learn Security

Misc

(( Might not be related to source code but interesting ))

• Ways to alert(document.domain)
• Data protection laws leading to account takeover
• Weird Web proxy
• RECOVERING A FULL PEM PRIVATE KEY WHEN HALF OF IT IS REDACTED
• Hidden OAuth attack vectors