9
Found a stat about how many beginner projects use vulnerable code - shocked me
Honestly, I was looking up some stuff on OWASP last night and saw that over 60% of beginner coding projects on public GitHub repos include at least one known vulnerability. It's usually something simple like hardcoded API keys or outdated libraries. I think a lot of us just copy code from tutorials without checking security stuff. Has anyone else run into this with their own early projects?
2 comments
wyatta303d ago
Oh man, I just checked one of my old repos from like three years ago and I had my actual AWS secret key just sitting there in plain text. Not even in a config file. It was just hardcoded right in the middle of a Python script like it was no big deal. At this point I'm pretty sure beginners are just treating GitHub like a public pastebin for their passwords. My favorite is when people copy that "ADMIN_PASSWORD = 'password123'" line from a tutorial and actually commit it. Makes you wonder how many side projects are just waiting to be exploited.
5
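An added example, not part of the thread: a small pre-commit style check for the two patterns the comment mentions, a credential-named variable assigned a string literal and an AWS access key ID inside a string. The function names, the name heuristic and the sample source are assumptions made for this illustration, and all credential-looking values are fake.

```python
import ast
import re

# Heuristic name list (an assumption of this example; extend it for your codebase).
SECRET_NAME = re.compile(r"pass(word|wd)?|secret|token|api_?key", re.I)
# AWS access key IDs: "AKIA" (long-term) or "ASIA" (temporary) plus 16 characters.
AWS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")

# Constructed sample input; every credential-looking value is a fake placeholder.
SAMPLE = '''\
import os
import boto3

ADMIN_PASSWORD = 'password123'
aws_secret_access_key = "EXAMPLEexampleEXAMPLEexampleEXAMPLE00000"
client = boto3.client("s3", aws_access_key_id="AKIAEXAMPLEEXAMPLE00")
db_password = os.environ["DB_PASSWORD"]
'''

def _named_values(node):
    """Yield (target, value) pairs for assignments and keyword arguments."""
    if isinstance(node, ast.Assign):
        for target in node.targets:
            yield target, node.value
    elif isinstance(node, ast.AnnAssign) and node.value is not None:
        yield node.target, node.value
    elif isinstance(node, ast.keyword) and node.arg:
        yield ast.Name(id=node.arg), node.value

def find_hardcoded_secrets(source):
    """Return sorted (line, reason) pairs for literals that look like credentials."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        for target, value in _named_values(node):
            # Plain names carry .id, attributes (self.password) carry .attr.
            name = getattr(target, "id", None) or getattr(target, "attr", "")
            is_literal = isinstance(value, ast.Constant) and isinstance(value.value, str)
            # Values read from os.environ are not literals, so they are not flagged.
            if is_literal and value.value and SECRET_NAME.search(name):
                findings.add((value.lineno, f"literal assigned to {name}"))
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            if AWS_KEY_ID.search(node.value):
                findings.add((node.lineno, "AWS access key ID pattern"))
    return sorted(findings)

if __name__ == "__main__":
    for line, reason in find_hardcoded_secrets(SAMPLE):
        print(f"line {line}: {reason}")
```

A check like this only sees the current file contents; a key that was ever committed stays in the repository history and should be rotated.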