More Resources
Blog
Popular Topics
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Resource Hub
Popular Topics
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Application Security
Secure Coding Techniques
Exploit

Copy/Paste is a dangerous coding technique

Published Sep 30, 2017
by Pieter Danhieux
cASE sTUDY

Copy/Paste is a dangerous coding technique

Published Sep 30, 2017
by Pieter Danhieux
View Resource
View Resource
tl;dr?

tl;dr?

Play video button.
Play video button.

Researchers from VirginiaTech released a paper after analysing hundreds of posts on the most popular developer forum (Stack Overflow). They looked at the type of questions asked around security, the most popular answers given by the community and the effect it has on code software engineers.

Not a real surprise for people who have been in Cyber Security for a while, but more awareness is needed around this problem from a developer perspective:

  • Security features provided by coding frameworks (e.g. JAVA Spring) are overly complicated and poorly documented
  • A substantial number of developers do not appear to understand the security implications of coding options, showing a lack of cyber security training
  • Many of the suggestions and "fixes" on these forums are not secure but were getting positives votes and thus higher in ratings

The report suggests the following solutions:

  • Workforce retraining
  • Semi-Automating security bug detection and fixing

We need to make security easy for developers and built-in from the start in order to maintain the speed in which businesses operate today.

"The significance of this work is that we provided empirical evidence for a significant number of alarming secure coding issues, which have not been previously reported," the paper says. "These issues are due to a variety of reasons, including the rapidly increasing need for enterprise security applications, the lack of security training in the software development workforce, and poorly designed security libraries."

https://www.theregister.com/2017/09/29/java_security_plagued_stack_overflow/

View Resource
View Resource

Author

Pieter Danhieux

Pieter Danhieux is a globally recognized security expert, with over 12 years experience as a security consultant and 8 years as a Principal Instructor for SANS teaching offensive techniques on how to target and assess organizations, systems and individuals for security weaknesses. In 2016, he was recognized as one of the Coolest Tech people in Australia (Business Insider), awarded Cyber Security Professional of the Year (AISA - Australian Information Security Association) and holds GSE, CISSP, GCIH, GCFA, GSEC, GPEN, GWAPT, GCIA certifications.

The Resource Hub

Related Articles We Recommend

View Resources
Featured Post

Developer security maturity quiz

We’ve looked at 400+ organizations to identify the three stages of security maturity. How security-savvy are your developer teams? Take the quiz to find out.

View Resource
Nov 1, 2022
decorative image with resource title: OWASP Top 10 API 2023: A tactical guide for smart developers

OWASP Top 10 API 2023: A tactical guide for smart developers

View Resources
Aug 14, 2023
Decorative image showing a monitor with the whitepaper

Forge your fortress: Six essential pillars of developer enablement in software security

View Resources
Sep 12, 2023
Decorative image with the name of the webinar

The path to security champions

View Resources
Aug 4, 2023
Resource Hub
The Secure Code Daily

Related Articles We Recommend

More Posts
Featured Post

Certified security awareness: An Executive Order to elevate developers

The latest Executive Order from the US Federal Government touches on many aspects of functional cybersecurity, but for the first time, specifically outlines the impact of developers, and the need for them to have verified security skills and awareness.

Read Post
May 20, 2021
Product

What is Sensei?

Read Post
Oct 8, 2020
Vulnerabilities

OWASP’s 2021 list shuffle: A new battle plan and primary foe

Read Post
Oct 5, 2021
Insights

API on Wheels: A road trip of risky vulnerabilities

Read Post
Nov 30, 2021
Resource Hub
Want more?

Dive into onto our latest secure coding insights on the blog.

Our extensive resource library aims to empower the human approach to secure coding upskilling.

View Blog
Want more?

Get the latest research on developer-driven security

Our extensive resource library is full of helpful resources from whitepapers to webinars to get you started with developer-driven secure coding. Explore it now.

Resource Hub

Copy/Paste is a dangerous coding technique

Published Mar 07, 2023
By Pieter Danhieux

Researchers from VirginiaTech released a paper after analysing hundreds of posts on the most popular developer forum (Stack Overflow). They looked at the type of questions asked around security, the most popular answers given by the community and the effect it has on code software engineers.

Not a real surprise for people who have been in Cyber Security for a while, but more awareness is needed around this problem from a developer perspective:

  • Security features provided by coding frameworks (e.g. JAVA Spring) are overly complicated and poorly documented
  • A substantial number of developers do not appear to understand the security implications of coding options, showing a lack of cyber security training
  • Many of the suggestions and "fixes" on these forums are not secure but were getting positives votes and thus higher in ratings

The report suggests the following solutions:

  • Workforce retraining
  • Semi-Automating security bug detection and fixing

We need to make security easy for developers and built-in from the start in order to maintain the speed in which businesses operate today.

"The significance of this work is that we provided empirical evidence for a significant number of alarming secure coding issues, which have not been previously reported," the paper says. "These issues are due to a variety of reasons, including the rapidly increasing need for enterprise security applications, the lack of security training in the software development workforce, and poorly designed security libraries."

https://www.theregister.com/2017/09/29/java_security_plagued_stack_overflow/

Fill out the form to access the full report

We would like your permission to send you information on our products and/or related secure coding topics. We’ll always treat your personal details with the utmost care and will never sell them to other companies for marketing purposes.

To submit the form, please enable 'Analytics' cookies. Feel free to disable them again once you're done.

More Great Resources Like this

Resource Hub
Featured Post

Devlympics 2022: In Review

View Resource
Jul 31, 2023
Featured Post

How Thales implemented developer-driven security

View Resource
Jul 22, 2023
Image of a monitor with the case study text
Featured Post

How Colgate-Palmolive boosted developer security skills and created a secure coding culture

View Resource
Jun 7, 2023
Resources
Copy/Paste is a dangerous coding technique
Back to top
Connect
Facebook
Twitter
Youtube
Instagram
LinkedIn
Learning Platform
Why Us?
Integrations
Resources
Newsroom
Community
Secure Code CoachDevlympicsPartner Program
Company
About UsTrust CenterCareersContact Us
Help & Support
FAQHelp CenterCustomer SuccessAccessibility Statement
Sydney
Boston
Portland
London
Bruges
Reykjavík
Copyright © 2015-2022 Secure Code Warrior Limited.
Privacy Policy| Cookie Policy | Accessibility | Legal | Site Map
Blog
Copy/Paste is a dangerous coding technique
Back to top
Connect
Facebook
Twitter
Youtube
Instagram
LinkedIn
Learning Platform
Why Us?
Integrations
Resources
Newsroom
Community
Secure Code CoachDevlympicsPartner Program
Company
About UsTrust CenterCareersContact Us
Help & Support
FAQHelp CenterCustomer SuccessAccessibility Statement
Sydney
Boston
Portland
London
Bruges
Reykjavík
Copyright © 2015-2022 Secure Code Warrior Limited.
Privacy Policy| Cookie Policy | Accessibility | Legal | Site Map