* Top 10 vulnerable languages for web app
@ 2015-12-04 18:10 mockturtle
2015-12-04 18:34 ` David Botton
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: mockturtle @ 2015-12-04 18:10 UTC (permalink / raw)
Not strictly Ada-related, but I guess of some interest to this group...
According to the following article
http://thehackernews.com/2015/12/programming-language-security.html
Veracode published a report (available at https://goo.gl/QVSF1t , registration required) about vulnerabilities in web applications. PHP is at third place, after ColdFusion and Classic ASP (never heard of them...)
One thing caught my attention in the article. It says:
"...The security researchers crawled popular web scripting languages including
PHP, Java, JavaScript, Ruby, .NET, C and C++, Microsoft Classic ASP, Android,
iOS, and COBOL"
^^^^^
COBOL a scripting language?!?
Enjoy
Riccardo
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: Top 10 vulnerable languages for web app
2015-12-04 18:10 Top 10 vulnerable languages for web app mockturtle
@ 2015-12-04 18:34 ` David Botton
2015-12-04 20:22 ` mockturtle
2015-12-04 20:26 ` mockturtle
2015-12-05 17:12 ` Per Sandberg
2016-01-02 0:13 ` Norman Worth
2 siblings, 2 replies; 8+ messages in thread
From: David Botton @ 2015-12-04 18:34 UTC (permalink / raw)
> COBOL a scripting language?!?
Is ok, they list iOS and Android as languages too, at least COBOL could be used for "scripting".
David Botton
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Top 10 vulnerable languages for web app
2015-12-04 18:34 ` David Botton
@ 2015-12-04 20:22 ` mockturtle
2015-12-04 20:26 ` mockturtle
1 sibling, 0 replies; 8+ messages in thread
From: mockturtle @ 2015-12-04 20:22 UTC (permalink / raw)
On Friday, December 4, 2015 at 7:34:56 PM UTC+1, David Botton wrote:
> > COBOL a scripting language?!?
>
> Is ok, they list iOS and Android as languages too, at least COBOL could be used for "scripting".
>
> David Botton
Right, I did not notice iOS and Android...
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Top 10 vulnerable languages for web app
2015-12-04 18:34 ` David Botton
2015-12-04 20:22 ` mockturtle
@ 2015-12-04 20:26 ` mockturtle
2015-12-05 1:00 ` Paul Rubin
1 sibling, 1 reply; 8+ messages in thread
From: mockturtle @ 2015-12-04 20:26 UTC (permalink / raw)
On Friday, December 4, 2015 at 7:34:56 PM UTC+1, David Botton wrote:
> > COBOL a scripting language?!?
>
> Is ok, they list iOS and Android as languages too, at least COBOL could be used for "scripting".
>
> David Botton
By the way, it would be amusing (for some value of "amusing") to code a web app in COBOL...
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Top 10 vulnerable languages for web app
2015-12-04 18:10 Top 10 vulnerable languages for web app mockturtle
2015-12-04 18:34 ` David Botton
@ 2015-12-05 17:12 ` Per Sandberg
2016-01-02 0:13 ` Norman Worth
2 siblings, 0 replies; 8+ messages in thread
From: Per Sandberg @ 2015-12-05 17:12 UTC (permalink / raw)
They must be "security experts" ;)
Den 2015-12-04 kl. 19:10, skrev mockturtle:
> Not strictly Ada-related, but I guess of some interest to this group...
>
> According to the following article
>
> http://thehackernews.com/2015/12/programming-language-security.html
>
> Veracode published a report (available at https://goo.gl/QVSF1t , registration required) about vulnerabilities in web applications. PHP is at third place, after ColdFusion and Classic ASP (never heard of them...)
>
> One thing caught my attention in the article. It says:
>
> "...The security researchers crawled popular web scripting languages including
> PHP, Java, JavaScript, Ruby, .NET, C and C++, Microsoft Classic ASP, Android,
> iOS, and COBOL"
> ^^^^^
>
> COBOL a scripting language?!?
>
> Enjoy
>
> Riccardo
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Top 10 vulnerable languages for web app
2015-12-04 18:10 Top 10 vulnerable languages for web app mockturtle
2015-12-04 18:34 ` David Botton
2015-12-05 17:12 ` Per Sandberg
@ 2016-01-02 0:13 ` Norman Worth
2 siblings, 0 replies; 8+ messages in thread
From: Norman Worth @ 2016-01-02 0:13 UTC (permalink / raw)
On 12/4/2015 11:10 AM, mockturtle wrote:
> Not strictly Ada-related, but I guess of some interest to this group...
>
> According to the following article
>
> http://thehackernews.com/2015/12/programming-language-security.html
>
> Veracode published a report (available at https://goo.gl/QVSF1t , registration required) about vulnerabilities in web applications. PHP is at third place, after ColdFusion and Classic ASP (never heard of them...)
>
> One thing caught my attention in the article. It says:
>
> "...The security researchers crawled popular web scripting languages including
> PHP, Java, JavaScript, Ruby, .NET, C and C++, Microsoft Classic ASP, Android,
> iOS, and COBOL"
> ^^^^^
>
> COBOL a scripting language?!?
>
> Enjoy
>
> Riccardo
>
The lesson seems to be that typical interpretive scripting languages are
dangerous for the web. Note that C and C++, while a bit vulnerable, are
far safer than the scripting languages, and that interpreted languages
are more susceptible to the more dangerous maladies like code insertion
and command insertion. Not surprising, really, when you consider how
they work.
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2016-04-08 22:37 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-12-04 18:10 Top 10 vulnerable languages for web app mockturtle
2015-12-04 18:34 ` David Botton
2015-12-04 20:22 ` mockturtle
2015-12-04 20:26 ` mockturtle
2015-12-05 1:00 ` Paul Rubin
2016-04-08 22:37 ` Daniel Otte
2015-12-05 17:12 ` Per Sandberg
2016-01-02 0:13 ` Norman Worth
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox