Programming Language Security

Here’s a good new report on programming language security for languages commonly used for websites. It concludes that the most commonly used languages (.NET, Java, and ASP) combined with the complexity of their languages makes them the most vulnerable but between the 3, there’s no statistical difference in vulnerability by application. “Legacy” languages such as ColdFusion, PHP, and Perl are less used and less complex and as a group, have fewer vulnerabilities than the newer and more popular languages.

As a whole, the Cross-Site-Scripting remains the most common vulnerability and it’s also the most common for every language except .NET where¬†Cross-Site-Scripting is number two and Information Leakage is number one.

It’s some great research that all web developers and planners should consider as they do their threat assessments when site building or doing remediation work.



Leave a Reply

Your email address will not be published. Required fields are marked *