Some Programming Languages Are More Susceptible to Security Flaws

Writing secure code begins with the choice of a programming language.


Veracode has published a new "State of Software Security" report, which confirms what many developers and security experts have long suspected: some programming languages are more susceptible to certain security vulnerabilities than others. For example, C/C++ applications are more likely to have buffer overflow problems. In fact, 48 percent of C/C++ applications submitted to Veracode for analysis had buffer overflow flaws, compared to just 1 percent of .NET applications.

Veracode's Chris Eng explained, "Languages such as C/C++ are not type safe languages.... In C/C++, the programmer has to keep track of the type and space with no help from the language or compiler, allowing flaws to creep into the software. Languages such as .Net are type safe, so you will see a much lower occurrence of buffer overflow flaws."

The report also found that the prevalence of SQL injection flaws varied by programming language. For example, 72 percent of ColdFusion applications had SQL injection vulnerabilities, compared to 31 percent of Java applications and 27 percent of PHP applications.


