Security Audit of a Real App
Pick an open-source app, audit it for OWASP Top 10 issues, file responsible-disclosure reports. Real portfolio signal.
Tools: Burp Suite or Caido; Semgrep or CodeQL; OWASP ZAP
About this project
Real-world security audits are what hiring managers want to see. This project teaches the methodology: threat modeling, manual code review (auth, input validation, session handling), automated scanning, and responsible disclosure. Pick a small open-source app, audit it, file issues responsibly. The writeup is the deliverable.
Why build this in 2026?
Hands-on security audit experience is more valuable than any cert. Strong differentiator.
What you'll ship
- Audit report (anonymized if needed)
- Disclosure thread (if findings are real)
- Writeup of methodology
Skills you'll practice
security, python