
posted by Fnord666 on Sunday April 23 2017, @08:33PM
from the then-again-it's-PHP dept.

Submitted via IRC for TheMightyBuzzard

Researchers have checked 64,000+ GitHub projects and found 117 vulnerabilities introduced through the use of code copied from popular programming tutorials.

Things like this are why I would never hire a professional programmer without an online portfolio of source code to check for Blatant Stupidity.

Source: https://www.helpnetsecurity.com/2017/04/21/programming-tutorials-vulnerabilities/


  • (Score: 1, Insightful) by Anonymous Coward on Sunday April 23 2017, @10:55PM (#498561)

    There's a difference between "A tutorial that shows everything that can go wrong is not a tutorial" and the crap they show in these tutorials.
    - no mention of security awareness or even input validation.
    - using deprecated mysql calls (not using mysqli or PDO).
    - concatenating unsanitized user input directly into the SQL string (not even using the deprecated mysql_real_escape_string() to make a half-assed effort).
    - not using parameterized queries.
    - I could go on but their code has already been hacked by now.

    Creating a very similar, but secure, basic tutorial isn't that much more work. Even W3Schools gets it right and their tutorials are not all that complicated.

    I agree that copy & paste coding is a bad idea, but it is so common that I expect it will live in infamy inside countless IoT devices.

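The two query styles the comment contrasts, side by side, as an added example that is not code from the original story, the comment, or the cited research. It uses an in-memory SQLite database through PDO so it runs stand-alone; the users table, its two rows and the attacker-supplied username are constructed for the demonstration, and the function names are assumed for illustration. The first function glues the username into the SQL text the way the criticised tutorials do, so the input can change the statement's structure; the second sends the SQL and the data to the driver separately as a prepared statement, so the same input is only ever compared as a literal string.

```php
<?php
declare(strict_types=1);

// Build a throw-away database with two constructed accounts.
function setupDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, email TEXT NOT NULL)');
    $db->exec("INSERT INTO users (username, email) VALUES ('alice', 'alice@example.com'), ('bob', 'bob@example.com')");
    return $db;
}

// VULNERABLE: the tutorial pattern. $username is concatenated straight into
// the SQL string, so a quote in the input ends the literal and the rest of
// the input is parsed as SQL. Nothing here validates or escapes the input.
function findUserVulnerable(PDO $db, string $username): array
{
    $sql = "SELECT username, email FROM users WHERE username = '$username'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// SAFE: a PDO prepared statement. The SQL text is fixed at prepare time and
// contains only a placeholder; the value is bound afterwards and can never be
// interpreted as part of the statement, whatever characters it contains.
function findUserSafe(PDO $db, string $username): array
{
    $stmt = $db->prepare('SELECT username, email FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = setupDb();

// Constructed attacker input: closes the quoted literal and appends a tautology,
// turning "WHERE username = ''" into "WHERE username = '' OR '1'='1'".
$attack = "' OR '1'='1";

printf("concatenated query: %d row(s) returned\n", count(findUserVulnerable($db, $attack)));
printf("prepared statement: %d row(s) returned\n", count(findUserSafe($db, $attack)));
```

Run with `php example.php` (pdo_sqlite is compiled into most PHP builds). The concatenated query returns every row in the table, which is the injection succeeding; the prepared statement returns no rows, because no user is literally named `' OR '1'='1`. When the same code targets MySQL, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so PDO uses the server's native prepared statements rather than quoting the value client-side.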