<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Fri, Apr 21, 2017 at 10:40 AM, Alex Carver <span dir="ltr"><<a href="mailto:agcarver+ale@acarver.net" target="_blank">agcarver+ale@acarver.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-">On 2017-04-21 07:19, DJ-Pfulio wrote:<br>
> Be careful where you learn to code. Not all tutorials are equal,<br>
> especially for web-app scripted languages.<br>
><br>
> <a href="https://www.helpnetsecurity.com/2017/04/21/programming-tutorials-vulnerabilities/" rel="noreferrer" target="_blank">https://www.helpnetsecurity.<wbr>com/2017/04/21/programming-<wbr>tutorials-vulnerabilities/</a><br>
<br>
</span>That MySQL example on the page is just awful. I've seen some written<br>
this way but with large warning boxes below the example that explicitly<br>
say this method is insecure and only intended to show a process flow<br>
(checking against a count of users).<br>
<br>
Doesn't matter the language, the basic concept of sanitizing user input<br>
should be universal whether by using sanitizing functions, stored<br>
procedures for DBs, casting or anything else.<br>
<div class="gmail-HOEnZb"><div class="gmail-h5"><br></div></div></blockquote><div><br></div><div>An issue is that new coders need to not learn security until they learn the basics, but they need to learn that security is important before they put code into production. Very few code communities seem hyped about security as a worthwhile learning path. I've been looking into it more for my own needs and would happily take recommendations on more resources. Especially Ruby, not Rails. :)</div><div><br></div><div>This from 2003: <a href="http://shop.oreilly.com/product/9780596002428.do">http://shop.oreilly.com/product/9780596002428.do</a></div><div><br></div><div>Video: <a href="http://shop.oreilly.com/product/0636920047179.do">http://shop.oreilly.com/product/0636920047179.do</a></div><div><br></div><div>OReilly site: <a href="https://www.oreilly.com/topics/security">https://www.oreilly.com/topics/security</a></div><div><br></div><div>Personally I'd recommed communities build mentorship programs. Security is just one aspect of professional coder growth. </div><div><br></div><div><br></div></div></div></div>