From: Norman Worth <nworth@comcastNOSPAM.net>
Subject: Re: Top 10 vulnerable languages for web app
Date: Fri, 1 Jan 2016 17:13:47 -0700
Date: 2016-01-01T17:13:47-07:00 [thread overview]
Message-ID: <-bKdndbRRuCmixrLnZ2dnUU7-SudnZ2d@giganews.com> (raw)
In-Reply-To: <a649f4ff-e8ab-4383-8e28-e18cb1298b5f@googlegroups.com>
On 12/4/2015 11:10 AM, mockturtle wrote:
> Not strictly Ada-related, but I guess of some interest to this group...
>
> According to the following article
>
> http://thehackernews.com/2015/12/programming-language-security.html
>
> Veracode published a report (available at https://goo.gl/QVSF1t , registration required) about vulnerabilities in web applications. PHP is at third place, after ColdFusion and Classic ASP (never heard of them...)
>
> One thing caught my attention in the article. It says:
>
> "...The security researchers crawled popular web scripting languages including
> PHP, Java, JavaScript, Ruby, .NET, C and C++, Microsoft Classic ASP, Android,
> iOS, and COBOL"
> ^^^^^
>
> COBOL a scripting language?!?
>
> Enjoy
>
> Riccardo
>
The lesson seems to be that typical interpretive scripting languages are
dangerous for the web. Note that C and C++, while a bit vulnerable, are
far safer than the scripting languages, and that interpreted languages
are more susceptible to the more dangerous maladies like code insertion
and command insertion. Not surprising, really, when you consider how
they work.
prev parent reply other threads:[~2016-01-02 0:13 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-04 18:10 Top 10 vulnerable languages for web app mockturtle
2015-12-04 18:34 ` David Botton
2015-12-04 20:22 ` mockturtle
2015-12-04 20:26 ` mockturtle
2015-12-05 1:00 ` Paul Rubin
2016-04-08 22:37 ` Daniel Otte
2015-12-05 17:12 ` Per Sandberg
2016-01-02 0:13 ` Norman Worth [this message]
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox