Top-ranked programming Web tutorials introduce vulnerabilities into software

Found on HelpNetSecurity on Sunday, 23 April 2017

Researchers from several German universities have checked the PHP codebases of over 64,000 projects on GitHub, and found 117 vulnerabilities that they believe have been introduced through the use of code from popular but insufficiently reviewed tutorials.

In their research, they evaluated only PHP application code, but their approach can be easily used to evaluate codebases in other programming languages, especially because they have made available their crawler (GithubSpider) and code analogue detector (CADetector) tools.

That applies to tutorials about literally everything. Many of them are written by people who managed to get something running with a big portion of luck and feel the need to share their findings. It does not only affect programming, but entire OS installations too: for example, if you stumble over "disable SELinux" then better quit reading more on that page.

Browse all articles« Previous « » Next »