From: Norman Worth
Newsgroups: comp.lang.ada
Subject: Re: Top 10 vulnerable languages for web app
Date: Fri, 1 Jan 2016 17:13:47 -0700
Message-ID: <-bKdndbRRuCmixrLnZ2dnUU7-SudnZ2d@giganews.com>

On 12/4/2015 11:10 AM, mockturtle wrote:
> Not strictly Ada-related, but I guess of some interest to this group...
>
> According to the following article
>
> http://thehackernews.com/2015/12/programming-language-security.html
>
> Veracode published a report (available at https://goo.gl/QVSF1t , registration required) about vulnerabilities in web applications. PHP is at third place, after ColdFusion and Classic ASP (never heard of them...)
>
> One thing caught my attention in the article. It says:
>
> "...The security researchers crawled popular web scripting languages including
> PHP, Java, JavaScript, Ruby, .NET, C and C++, Microsoft Classic ASP, Android,
> iOS, and COBOL"
>          ^^^^^
>
> COBOL a scripting language?!?
>
> Enjoy
>
> Riccardo
>

The lesson seems to be that typical interpretive scripting languages are dangerous for the web. Note that C and C++, while a bit vulnerable, are far safer than the scripting languages, and that interpreted languages are more susceptible to the more dangerous maladies like code insertion and command insertion. Not surprising, really, when you consider how they work.