State University of Information and Communication Technologies
State University of Information and Communication Technologies
State University of Information and Communication Technologies

03110, Ukraine
Kyiv, 7 Solomyanska Street
State University of Information and Communication Technologies

Which languages generate the most bugs

11:04, 21-12-2015

Experts of the company Veracode submitted a report, on which work took them one and a half years. During this time, experts have studied more than 200 000 different applications trying to determine how the situation with security in the sphere of development. The output will get interesting statistics. Vulnerabilities in Web applications are largely the fault of scripting languages.

After studying hundreds of thousands of programs written in languages PHP, Java, JavaScript, Ruby, .NET, C and C ++, Microsoft Classic ASP, COBOL, as well as applications for Android and iOS, the researchers concluded that the most unsafe can be considered languages PHP, Classic ASP and ColdFusion. The most reliable proved to Java and .NET.

Anti-top as follows. When reporting experts Veracode own unique metric used - Flaw Density per MB, that is, the number of bugs per megabytes of source code.

• Classic ASP - 1686 Bug / MB (1112 Critical)

• ColdFusion - 262 Bug / MB (227 Critical)

• PHP - Bug 184 / MB (47 critical)

• Java - 51 Bug / MB (5.2 critical)

• .NET - Bug 32 / MB (9.7 critical)

• C ++ - 26 Bug / MB (8.8 critical)

• iOS - 23 Bug / MB (0.9 critical)

• Android - Bug 11 / MB (0.4 critical)

• JavaScript - 8 Bug / MB (0.9 critical)

In fact, it can be assumed that the list of the most vulnerable heads of languages PHP, ColdFusion because it is a niche tool, and Classic ASP is almost dead.

If you look at the problem of PHP in more detail, it appears as follows:

• 86% of applications written in PHP, containing at least one XSS vulnerability;

• 56% are subject to a bug SQLi, and this is one of the easiest to use vulnerabilities in web applications;

• 67% of the applications allow a directory traversal;

• 61% of the applications allow a code injection;

• 58% of applications have problems with credential management;

• 73% of applications contain errors cryptography;

• 50% of the applications may leak information.

It is worth noting that the vulnerability SQLi and XSS are among the ten most dangerous bugs in Web applications, according to the Open Web Application Security Project (OWASP).

© При повному чи частковому використанні матеріалів сайту ДУІКТ гіперпосилання на сайт обов'язкове!
Read also
09:41, 04-07-2024
13:15, 28-06-2024
Бажаєте дізнаватись про особливості вступу у 2024 році?
Підписуйтесь на спільноти спеціальності "125 Кібербезпека" кафедри Інформаційної та кібернетичної безпеки та першим отримуйте новини, сповіщення про важливі події, підготовчі курси, дні відкритих дверей та багато цікавого.

About the department

To the applicant

Views: 4 611
Вступ до магістратури
лише за ЄВІ

за спеціальністю 029 Інформаційна бібліотечна та архівна справа