Most Web-based applications today are written in common languages like PHP, Java, ASP and Ruby. These languages certainly facilitate the creation of powerful apps, but they also lead to some potentially crippling vulnerabilities, a new study from cloud-based app security vendor Veracode claimed.
According to Veracode's findings, most applications written in common scripting languages contain SQL injection bugs that make it easy for hackers to attack them. The researchers found that PHP contained the greatest number of vulnerabilities, with 86 percent of the applications they studied turning up at least one SQL injection bug. Java proved to be among the most secure: only 29 percent of applications written in the language had the same bug.
"When I see a breach, one of the things that sticks out in my head is 'I'll bet that was a PHP site,'" Chris Wysopal, founder and CTO of Veracode, told Dark Reading. "If I put on my attacker hat and want to break into a site, I'm going to find PHP sites."
At a time when so many organizations – including those that deal with sensitive customer or internal data – rely on Web-based applications to run their businesses, these kinds of vulnerabilities can lead to data breaches or performance issues that negatively impact key processes. But these applications are here to stay, so business leaders and IT departments have to find ways to obtain that functionality without compromising security.