Does your code reveal vulnerabilities or exploits to hackers?

Eswar Abisheak
3 min read · Sep 5, 2020


Do you store all your projects in GitHub (open source)?

I mostly keep my projects in GitHub. How do I ensure that my repos don't contain anything exploitable? Should I learn to code keeping security measures in mind, or is secure coding different from how we code generally?

Do you recompile and rebuild your projects when updates are released for the tools you used to build them?

If your answer is no then you might be in serious trouble.

Do you use frameworks to build stuff?

As a developer you might feel that the framework you use is highly secure; that is one of the most common mistakes we make. Just as an example, take a look at React.

What to look for while building stuff?

  1. Cross site scripting (XSS)
  2. Server-Side Rendering
  3. Sneaky Links
  4. Component Spoofing
  5. dangerouslySetInnerHTML

Those are just the tip of the iceberg. Let's not deviate, so the takeaway is: always rebuild when updates are released.

Forgive me, React devs, for pointing at React 😔. It just had to be some framework 😅.

A Python tool that checks for important files being pushed to public repos.

Will this help me?
I would say it would partially support you. Don't worry, GitHub would send you a mail if you have any secrets left in your code in public repositories.

Though GitHub checks for those, I recommend trying this tool.

How to set it up?

git clone https://github.com/eswar2001/github-dorks.git
cd github-dorks
python -m pip install --upgrade pip
pip install github
pip install feedparser

How to check your public repos in GitHub

python github-dork.py -u eswar2001

It returns the list of dorks (matching files) that you need to remove, or else change the repo to private.
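As an added example (not the github-dorks tool's own code), here is a small local checker in the same spirit: it walks a working tree before you push and flags sensitive file names and credential-looking strings. The file-name lists, the regexes and the sample repo are constructed assumptions, not taken from the tool.

```python
import re
from pathlib import Path

# File names and extensions that should never reach a public repo (constructed list; extend as needed)
SENSITIVE_NAMES = {".env", "id_rsa", "id_ed25519", ".npmrc", ".pypirc", ".htpasswd", "credentials"}
SENSITIVE_SUFFIXES = (".pem", ".key", ".p12", ".pfx", ".keystore")
# Conservative patterns for credential-looking content (constructed; expect some false positives)
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "hardcoded_secret": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[=:]\s*['\"][^'\"]{8,}['\"]"),
}

def flag_path(rel_path):
    """Return a label if the file name alone marks the file as sensitive, else None."""
    name = Path(rel_path).name
    return "sensitive_filename" if name in SENSITIVE_NAMES or name.endswith(SENSITIVE_SUFFIXES) else None

def flag_content(text):
    """Return (line_number, label) for every line that matches a secret pattern."""
    return [(n, label) for n, line in enumerate(text.splitlines(), 1)
            for label, pat in SECRET_PATTERNS.items() if pat.search(line)]

def scan_files(files):
    """Scan a {relative_path: content} mapping; line 0 marks a file-name finding."""
    findings = []
    for rel, text in files.items():
        if (kind := flag_path(rel)):
            findings.append((rel, 0, kind))
        findings.extend((rel, n, label) for n, label in flag_content(text))
    return sorted(findings)

def scan_tree(root):
    """Read every file under root (skipping .git/) and scan it."""
    files = {str(p.relative_to(root)): p.read_text(encoding="utf-8", errors="ignore")
             for p in Path(root).rglob("*") if p.is_file() and ".git" not in p.parts}
    return scan_files(files)

# Constructed sample repo so the script runs offline
SAMPLE_REPO = {
    "src/app.py": "import os\nTOKEN = os.environ['API_TOKEN']\n",       # clean: secret comes from the environment
    "config/settings.py": "db_password = 'c0rrect-horse-battery'\n",   # hard-coded secret
    "deploy/server.pem": "-----BEGIN PRIVATE KEY-----\nMIIB...\n",      # key file, flagged by name and by content
}

if __name__ == "__main__":
    for rel, n, label in scan_files(SAMPLE_REPO):
        print(f"{rel}:{n}: {label}")
```

Wired into a pre-push hook, `scan_tree(".")` returning a non-empty list is the signal to abort the push and move the file or secret out of the repo.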

Conclusion:

Even if you follow all the ways to build and secure projects, beware of social engineering. Rebuild your stuff whenever you get an update, and never assume that the framework does all the work for you.

The reason why staying updated and upgrading is important:

The machines — from Diebolds to Sequoia and Winvote equipment — were bought on eBay or from government auctions, and an analysis of them at the DEF CON Voting Village revealed a sorry state of affairs. Some were running very outdated and exploitable software — such as unpatched versions of OpenSSL and Windows XP and CE. Some had physical ports open that could be used to install malicious software to tamper with votes.

Written by Eswar Abisheak

DSCVIIT lead || https://eswar.dev || HTB player || Competitive Coding