
Code-sharing among software developers can lead to security flaws


April 18, 2017

Today's busy software developers tend to share code among themselves, which saves their colleagues a lot of time, but it also means they pass on security flaws they have not noticed or that are not readily apparent.

That in turn means a smart attacker could trace who has shared what with whom, search the internet for the resulting security vulnerabilities and then act on them.

That worrisome concept comes from a group of security researchers based in Germany with a bit of help from Trend Micro.

Their reasoning is straightforward: if they were able to find recurring Web application security vulnerabilities in reused code snippets, it will not be difficult for potential hackers to do the same.

The German researchers looked at more than 64,000 Web apps and various software. They conclude that “adversary with access to a standard PC can leverage our techniques to efficiently discover recurring security vulnerabilities in web application code”.

Among a group of thirty popular code-sharing tutorials on a forum, the security researchers said, no fewer than 9 contained vulnerable code. Worse, six had SQL injection errors and 3 had XSS errors, among other flaws.

The researchers created a GitHub crawler, dubbed GithubSpider, and an analysis tool, CA-Detector. Of the projects they examined, more than 6,300 counted as popular, with ten stars; more than 16,000 had four to nine stars; and 42,000 were unpopular, with three stars or fewer.

The 117 code snippets the researchers found might not sound like many, but they are likely repeated all over the web, which means attackers could also use the buggy code as a starting point for compiling a broad list of applications with security vulnerabilities inherited from tutorials.
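As an added, simplified illustration of how a defender can audit a code base for copied tutorial snippets, the following Python check fingerprints a known string-concatenation SQL query pattern and flags files that reuse it even after variable renaming. This is not the researchers' GithubSpider or CA-Detector (the article does not describe their internals); the snippet and the two-file corpus are constructed for the example.

```python
import hashlib
import re
from typing import Dict, List, Set

# Constructed sample: a tutorial-style PHP snippet that builds SQL by string
# concatenation, the SQL-injection pattern the article says tutorials spread.
VULNERABLE_SNIPPET = """
$id = $_GET['id'];
$query = "SELECT * FROM users WHERE id = '" . $id . "'";
$result = mysqli_query($conn, $query);
"""

# Constructed corpus: app_a copied the snippet and only renamed variables;
# app_b uses a prepared statement and should not be flagged.
CORPUS: Dict[str, str] = {
    "app_a/profile.php": """
$uid = $_GET['id'];
$sql = "SELECT * FROM users WHERE id = '" . $uid . "'";
$res = mysqli_query($db, $sql);
""",
    "app_b/profile.php": """
$stmt = $conn->prepare("SELECT * FROM users WHERE id = ?");
$stmt->bind_param("i", $_GET['id']);
$stmt->execute();
""",
}

def normalize(code: str) -> List[str]:
    """Tokenize PHP-like source and abstract $variables so renamed copies still match."""
    tokens = re.findall(r"\$\w+|\w+|[^\s\w]", code)
    return ["$VAR" if t.startswith("$") else t for t in tokens]

def fingerprints(tokens: List[str], k: int = 6) -> Set[str]:
    """Hash every k-token window; a clone shares most windows with the original."""
    return {hashlib.sha1(" ".join(tokens[i:i + k]).encode()).hexdigest()
            for i in range(len(tokens) - k + 1)}

def similarity(snippet: str, candidate: str, k: int = 6) -> float:
    """Fraction of the snippet's windows that also occur in the candidate file."""
    fs = fingerprints(normalize(snippet), k)
    fc = fingerprints(normalize(candidate), k)
    return len(fs & fc) / len(fs) if fs else 0.0

def find_clones(snippet: str, corpus: Dict[str, str], threshold: float = 0.6) -> List[str]:
    """Return the corpus paths whose similarity to the snippet meets the threshold."""
    return sorted(path for path, src in corpus.items()
                  if similarity(snippet, src) >= threshold)

if __name__ == "__main__":
    print(find_clones(VULNERABLE_SNIPPET, CORPUS))  # ['app_a/profile.php']
```

The same fingerprinting can be run over a whole repository checkout to find inherited snippets worth reviewing; the threshold trades false positives against near-copies with small edits.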

The researchers wrote: “Our most recent study finds some disconcerting evidence of insufficiently reviewed tutorials compromising the security of open-source projects. What's more, our findings also testify to the feasibility of large-scale vulnerability discovery using poorly written tutorials as a starting point”.

And the researchers have a good point. The paper's authors are Tommi Unruh, Bhargava Shastry and Jean-Pierre Seifert of the Technical University in Berlin; Malte Skoruppa of Saarland University; Trend Micro's Federico Maggi, and Konrad Rieck and Fabian Yamaguchi of the Technical University of Braunschweig.

Generally speaking, sharing code among developers is a good way to save time and help the programmer community, but in view of these potential security issues, better means now need to be developed so that developers can continue to help the community in a more secure manner.

Source: Github.


Copyright © Internet Security.ca