# Secure Coding Review Labs and Language-Specific Checklists

> **Intro:** The KB already includes vulnerable-versus-safer code examples by language. This pack turns those examples into something more useful for training and review operations: **guided labs, facilitator prompts, and language-specific checklists** that engineering managers, security champions, and reviewers can use repeatedly.
>
> **What this pack includes**
>
> * a facilitator guide for running short secure-coding review labs;
> * language-specific review checklists;
> * a scenario pack that converts the snippet pages into exercises;
> * cross-links to the existing vulnerable/safer example pages by language.

## Start here

| Page                                                                                                                                                    | Why use it                                                                                           |
| ------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- |
| [Secure Coding Review Labs — Facilitator Guide](/application-security-and-secure-sdlc/index-4/secure-coding-review-labs-facilitator-guide.md)           | Run 20–60 minute review sessions that feel like real engineering work instead of compliance theatre. |
| [Language-Specific Secure Coding Review Checklists](/application-security-and-secure-sdlc/index-4/language-specific-secure-coding-review-checklists.md) | Use stack-aware review questions for PRs, design reviews, and onboarding.                            |
| [Secure Coding Review Lab Scenarios by Language](/application-security-and-secure-sdlc/index-4/secure-coding-review-lab-scenarios-by-language.md)       | Turn the vulnerable/safer examples into practical exercises with expected outcomes.                  |

## Existing example pages this pack builds on

| Language   | Example page                                                                                                                                |
| ---------- | ------------------------------------------------------------------------------------------------------------------------------------------- |
| PHP        | [PHP Vulnerability Examples and Fixes](/application-security-and-secure-sdlc/index-4/php-vulnerability-examples-and-fixes.md)               |
| Python     | [Python Vulnerability Examples and Fixes](/application-security-and-secure-sdlc/index-4/python-vulnerability-examples-and-fixes.md)         |
| Go         | [Go Vulnerability Examples and Fixes](/application-security-and-secure-sdlc/index-4/golang-vulnerability-examples-and-fixes.md)             |
| Java       | [Java Vulnerability Examples and Fixes](/application-security-and-secure-sdlc/index-4/java-vulnerability-examples-and-fixes.md)             |
| JavaScript | [JavaScript Vulnerability Examples and Fixes](/application-security-and-secure-sdlc/index-4/javascript-vulnerability-examples-and-fixes.md) |
| TypeScript | [TypeScript Vulnerability Examples and Fixes](/application-security-and-secure-sdlc/index-4/typescript-vulnerability-examples-and-fixes.md) |
| SQL        | [SQL Vulnerability Examples and Fixes](/application-security-and-secure-sdlc/index-4/sql-vulnerability-examples-and-fixes.md)               |

## Best use cases

* developer onboarding;
* security champion sessions;
* post-incident learning loops;
* architecture review warm-ups;
* PR reviewer calibration;
* interview or assessment packs for engineering security literacy.

## Delivery rule for this pack

This pack is designed to be:

* **small enough to run in normal engineering cadence**;
* **realistic enough to improve review behavior**;
* **repeatable enough to become a program habit**.

## Use with

* [Code Vulnerability Examples and Fixes by Language](/application-security-and-secure-sdlc/index-4/code-vulnerability-examples-and-fixes-by-language.md)
* [Stack-Specific Review Checklists and Release Criteria](/application-security-and-secure-sdlc/index-4/stack-specific-review-checklists-and-release-criteria.md)
* [Web Application Security Review and Architecture Playbook](/application-security-and-secure-sdlc/index-1/web-application-security-review-and-architecture-playbook.md)
* [SonarQube Modern Practical Guide — Quality Gates, Security Hotspots, PR Analysis, and Review Workflows](/application-security-and-secure-sdlc/index-1/sonarqube-modern-practical-guide-quality-gates-hotspots-and-review-workflows.md)

***

*Author attribution: Ivan Piskunov, 2026 - Educational and defensive-engineering use.*


