Code Review Lab — practice secure code review
Code review is a skill.
Practice it.
Build the instinct that catches vulnerabilities in review.
Hands-on challenges in real production code.
CreatorPay is a Kotlin Ktor API for a creator marketplace where artists sell design templates and receive weekly payouts. Mobile and web clients send a Bearer JWT after login, and the API uses token claims to decide whether the caller is a creator, support agent, or payout admin. Review how the Bearer token is parsed before payout permissions are enforced, especially around payout destination changes.
“We dropped Code Review Lab into our security training rotation. Two weeks later our engineers were catching things in PR review we'd historically missed.”