RE: Languages/platforms used for Web apps. Any stats?

Subject: RE: Languages/platforms used for Web apps. Any stats?
Date: Sat, 25 Jun 2005 08:08:32 -0400
Large organizations tend to use Java and .NET
Small to Medium Size organizations often tend to use LAMP
(Exceptions exist everywhere in life)
People on discussion lists / BBS tend to be the passionate few
Passionate people tend to work for smaller companies

Therefore I would suggest that the reporting on the number of issues with
PHP is not a good indication of its security posture due to:

A disproportionate amount of bugs reported versus actual implementations
This might be explained by a bias of a type of person talking about things
they use in public (whereas their counterpart typically discusses this less
(less passion maybe ;-)) 

Also if the cost of entry is low, you will see less commitment. Less
commitment will = less security. That is to say if my grandmother can write
a simple PHP app but not "fast CGI" then chances are she will not be able
to write secure apps in either. One has a chance of making it on the net,
the other not.  

At work I honestly can't remember the last time we reviewed a PHP app for a
client. This may be because we mainly deal with Fortune 1000 / gov (larger
orgs) but for us it would be less than 0.5 percent.

That said if you take a look at some of the fundamental language issues as
AJV suggested I would hypothesize PHP has a lot to work with. Also if you
look at ASP.NET you would struggle to disagree that MS have not done a good
job of making security easy (especially in ASP.NET 2.0) for the drag and
drop brigade.  




-----Original Message-----
From: prep@prep.synonet.com [mailto:prep@prep.synonet.com] 
Sent: Saturday, June 25, 2005 4:26 AM
To: livshits@cs.stanford.edu
Cc: webappsec@securityfocus.com
Subject: Re: Languages/platforms used for Web apps. Any stats?

The best source I know of is Netcraft,
http://www.netcraft.net

They do regular updates on who is running what for servers and on a lesser
basis, apps as well.

-- 
Paul Repacholi                               1 Crescent Rd.,
+61 (08) 9257-1001                           Kalamunda.
                                             West Australia 6076
comp.os.vms,- The Older, Grumpier Slashdot Raw, Cooked or Well-done, it's
all half baked.
EPIC, The Architecture of the future, always has been, always will be.
