Don't Blame It On The Web Programming Platform

Published: 22/11/2024   Category: security




New data shows no one Web development platform generates more vulnerabilities than another -- and website security is still a problem.



The web programming language you pick doesn't dictate your website's security: New data on website vulnerabilities shows that no one platform is more secure than another.
WhiteHat Security's 2014 Website Security Statistics Report, published today, concludes that .NET accounts for over 28% of websites, followed by Java (25%), and ASP (16%) among more than 30,000 websites. No languages were more secure than others, says Gabriel Gumbs, a director in WhiteHat Security's solutions architecture group and the lead researcher for the report. Bottom line: There was no major difference in the number of vulnerabilities found among websites using the various languages.
.NET had an average of 11.36 vulnerabilities, followed by Java (11.32), ASP (10.98), Perl (7), and ColdFusion (6).
The report also shows that website security is not improving overall. While website operators are doing a better job at remediating flaws, their applications over time don't necessarily become more bug-free. "In the same breath, new applications are not showing any major improvements over the applications we see year over year. It's about the same, and that's moving backwards," says Gumbs. "The new stuff they are developing isn't necessarily more secure."
Gumbs says that could be the result of new functions or features that introduce complexity, and per usual, more security flaw possibilities.
Chris Eng, vice president of research at Veracode, says WhiteHat's report basically jibes with his company's own data on software vulnerabilities. Its numbers were similar when it came to remediating flaws, for instance, he says. "In our data, we see that certain categories [of bugs] are getting fixed reasonably quickly," says Eng, whose company scans vendors' and other developers' software code for flaws via a cloud-based service.
WhiteHat's Gumbs, meanwhile, says the report's data on legacy applications was most telling. Their remediation rates were on par with all new applications, he says, pointing to the older ASP platform popular in the financial and insurance industries, according to WhiteHat data.
"A lot of applications you simply can't get rid of," he says.
The most prevalent vulnerability was cross-site scripting, which made a comeback to the top spot after losing its top ranking to information leakage last year. The other four in this year's top five (in order) were information leakage, content spoofing, HTTP response splitting, and predictable resource allocation.
"People are not picking languages based on security implications. That's true and will continue to be true. It's where developers have skillsets and what can get the functionality done," Eng says. "Security is going to be fifth or sixth on the list."
The full WhiteHat report is available for download here.

