A study released by WhiteHat Security has found that, despite the variety of programming languages in existence, there is little to no difference in security between the different types. While programming languages don’t share identical security postures, the security vulnerabilities across various languages are remarkably similar.
“Web application security truly is a moving target with constant changes in attack methods and techniques,” said Jeremiah Grossman, founder and chief technology officer, WhiteHat Security. “While it’s pertinent to keep a close eye on the top 10 vulnerabilities putting websites at risk, this time we wanted to focus on the programming languages since that’s where it all begins. If organizations have a better idea of how the languages they use fare in the field, they can be more vigilant during the development lifecycle and hopefully avoid bigger problems later.”
The report included the evaluation of 1,700 critical business websites, with data collection from January 2006 to March 2010.
“Perl had the highest average number of historical vulnerabilities found at 45 percent followed by Cold Fusion at 34 percent. Additionally, Perl, Cold Fusion, JSP and PHP were most likely to contain at least one serious vulnerability at approximately 80 percent of the time. Among the lowest historical vulnerability averages were ASPX (Microsoft’s .NET) and DO (Struts Java) with 19 percent and 20 percent, respectively,” according to the report.