Research across a number of universities in Germany indicates that insecure code is being introduced into software as a result of popular online tutorials.
The researchers checked the PHP code bases of more than 64,000 projects on GitHub, finding more than 100 vulnerabilities that they believe may have been introduced by developers copying code from online tutorials.
"The Web is replete with tutorial-style content on how to accomplish programming tasks. Unfortunately, even top-ranked tutorials suffer from severe security vulnerabilities, such as cross-site scripting (XSS), and SQL injection (SQLi)," suggested the researchers in their paper.
"Assuming that these tutorials influence real-world software development, we hypothesize that code snippets from popular tutorials can be used to bootstrap vulnerability discovery at scale."
In total, the researchers claim to have uncovered 117 vulnerabilities.
"We manually verified a total of 117 vulnerabilities in our data set. Of these, 8 vulnerabilities were replicas of code from a popular SQL tutorial that we found on the first Google results page," concluded the researchers.
They continued: "Although all of the eight vulnerabilities were found among non-popular code repositories, the finding shows that ad hoc code re-use is a reality. We are in the process of notifying the tutorial authors about our findings.
"Our hope is that the presented vulnerabilities are fixed in a timely manner, so that developers borrowing code from these tutorials in the future will not inherit the same vulnerabilities in their code.
"Eighty per cent of the discovered vulnerabilities were SQLi vulnerabilities, and the rest were XSS and path-traversal vulnerabilities."
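The three bug classes the researchers report in tutorial-derived PHP, shown as an added illustration that is not code from the paper, the article or any tutorial it examined: each tutorial-style pattern sits beside a hardened form. The `$db` mysqli connection, the `users` table and the document directory are assumptions.

```php
<?php
// Added example (not from the paper or the article). $db is an assumed mysqli
// connection; the table, columns and base directory are constructed.

// 1. SQL injection: user input concatenated straight into the query string.
function findUserInsecure(mysqli $db, string $name): ?array {
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";   // vulnerable
    return $db->query($sql)->fetch_assoc() ?: null;
}
// Hardened: a prepared statement keeps the data separate from the SQL.
function findUserSecure(mysqli $db, string $name): ?array {
    $stmt = $db->prepare("SELECT id, name FROM users WHERE name = ?");
    $stmt->bind_param("s", $name);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc() ?: null;
}

// 2. Cross-site scripting: request input echoed into HTML unencoded.
function greetInsecure(string $name): string {
    return "<p>Hello, " . $name . "</p>";                                 // vulnerable
}
// Hardened: encode for the HTML context at the point of output.
function greetSecure(string $name): string {
    return "<p>Hello, " . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . "</p>";
}

// 3. Path traversal: a request parameter used as part of a filesystem path.
function readDocInsecure(string $baseDir, string $file): string|false {
    return file_get_contents($baseDir . '/' . $file);                    // vulnerable
}
// Hardened: strip directory components, resolve the path and require that it
// still lies under the intended directory before reading it.
function readDocSecure(string $baseDir, string $file): string|false {
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . basename($file));
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;   // refuse anything that resolves outside $baseDir
    }
    return file_get_contents($path);
}
```

The hardened variants use PHP 8 union return types; on PHP 7 drop the `string|false` annotations.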