Some Programming Languages Are More Susceptible to Security Flaws

Writing secure code begins with the choice of a programming language.


Veracode has published a new "State of Software Security" report, which confirms what many developers and security experts have long suspected: some programming languages are more susceptible to certain security vulnerabilities than others. For example, C/C++ applications are more likely to have buffer overflow problems. In fact, 48 percent of C/C++ applications submitted to Veracode for analysis had buffer overflow flaws, compared to just 1 percent of .NET applications.

Veracode's Chris Eng explained, "Languages such as C/C++ are not type safe languages.... In C/C++, the programmer has to keep track of the type and space with no help from the language or compiler, allowing flaws to creep into the software. Languages such as .Net are type safe, so you will see a much lower occurrence of buffer overflow flaws."
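As an added illustration of the point Eng makes (not code from the report or from Veracode): in C the language gives no help tracking how much space a destination buffer has, so the check has to be written by hand. The function below, with a hypothetical fixed-size name field, refuses input that would not fit rather than letting it spill past the buffer the way an unchecked strcpy would.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed record layout: a 16-byte field, 15 characters plus NUL. */
#define NAME_CAP 16

/*
 * Copy src into dst, which holds cap bytes. Nothing in C checks that src
 * fits, so the programmer tracks the space explicitly: oversized input is
 * rejected (dst left as an empty string) instead of overwriting whatever
 * sits after the buffer on the stack or heap.
 */
static bool copy_name_checked(char *dst, size_t cap, const char *src) {
    size_t n = strlen(src);
    if (cap == 0) {
        return false;
    }
    if (n >= cap) {          /* no room for the bytes plus the terminating NUL */
        dst[0] = '\0';
        return false;
    }
    memcpy(dst, src, n + 1); /* n + 1 copies the NUL; n < cap so it fits */
    return true;
}

int main(void) {
    char name[NAME_CAP];
    /* Constructed inputs: one that fits, one that is exactly one byte too long. */
    const char *ok  = "alice";
    const char *bad = "0123456789abcdef";   /* 16 characters, needs 17 bytes */

    printf("%s -> %s\n", ok,  copy_name_checked(name, sizeof name, ok)  ? "accepted" : "rejected");
    printf("%s -> %s\n", bad, copy_name_checked(name, sizeof name, bad) ? "accepted" : "rejected");
    return 0;
}
```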

The report also found that SQL injection flaws varied by programming language. For example, 72 percent of ColdFusion applications had SQL injection vulnerabilities, compared to 31 percent of Java applications and 27 percent of PHP applications.
