Study Finds Common Scripting Languages Riddled With Vulnerabilities

Most Web-based applications today are written in common languages like PHP, Java, ASP and Ruby. These languages certainly facilitate the creation of powerful apps, but they also lead to some potentially crippling vulnerabilities, a new study from cloud-based app security vendor Veracode claimed.

According to Veracode's findings, most applications written in common scripting languages contain SQL injection bugs that make it easy for hackers to attack them. The researchers found that PHP contained the greatest number of vulnerabilities, with 86 percent of the applications they studied turning up at least one SQL injection bug. Java proved to be among the most secure: only 29 percent of applications written in the language had the same bug.

"When I see a breach, one of the things that sticks out in my head is 'I'll bet that was a PHP site,'" Chris Wysopal, founder and CTO of Veracode, told Dark Reading. "If I put on my attacker hat and want to break into a site, I'm going to find PHP sites."

In a day and age where so many organizations – including those that deal with sensitive customer or internal data – rely on Web-based applications to run their businesses, these kinds of vulnerabilities can lead to data breaches or performance issues that negatively impact key processes. But these applications are here to stay, so business leaders and IT departments have to find ways to obtain that functionality without compromising security.

One way to do that is through a high-function, mature and reliable Web-based terminal emulator like Flynet Viewer. Written in HTML, CSS and JavaScript, Flynet can be installed on any device and gives you access to your mainframes through a Web-based application that is customizable, secure and easy to use. Flynet Viewer is not implemented in any of the languages found to be vulnerable and has passed a rigorous security audit by one of the big eight management consultants.