Top 10 vulnerable languages for web app

comp.lang.ada
 help / color / mirror / Atom feed

* Top 10 vulnerable languages for web app
@ 2015-12-04 18:10 mockturtle
  2015-12-04 18:34 ` David Botton
                   ` (2 more replies)
  0 siblings, 3 replies; 8+ messages in thread
From: mockturtle @ 2015-12-04 18:10 UTC (permalink / raw)


Not strictly Ada-related, but I guess of some interest to this group...

According to the following article

   http://thehackernews.com/2015/12/programming-language-security.html

Veracode published a report (available at https://goo.gl/QVSF1t , registration required) about vulnerabilities in web applications. PHP is at third place, after ColdFusion and Classic ASP (never heard of them...)

One thing caught my attention in the article.  It says: 

  "...The security researchers crawled popular web scripting languages including 
PHP, Java, JavaScript, Ruby, .NET, C and C++, Microsoft Classic ASP, Android, 
iOS, and COBOL"
         ^^^^^

COBOL a scripting language?!?

Enjoy

Riccardo


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Top 10 vulnerable languages for web app
  2015-12-04 18:10 Top 10 vulnerable languages for web app mockturtle
@ 2015-12-04 18:34 ` David Botton
  2015-12-04 20:22   ` mockturtle
  2015-12-04 20:26   ` mockturtle
  2015-12-05 17:12 ` Per Sandberg
  2016-01-02  0:13 ` Norman Worth
  2 siblings, 2 replies; 8+ messages in thread
From: David Botton @ 2015-12-04 18:34 UTC (permalink / raw)


> COBOL a scripting language?!?

Is ok, they list iOS and Android as languages too, at least COBOL could be used for "scripting".

David Botton

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Top 10 vulnerable languages for web app
  2015-12-04 18:34 ` David Botton
@ 2015-12-04 20:22   ` mockturtle
  2015-12-04 20:26   ` mockturtle
  1 sibling, 0 replies; 8+ messages in thread
From: mockturtle @ 2015-12-04 20:22 UTC (permalink / raw)


On Friday, December 4, 2015 at 7:34:56 PM UTC+1, David Botton wrote:
> > COBOL a scripting language?!?
> 
> Is ok, they list iOS and Android as languages too, at least COBOL could be used for "scripting".
> 
> David Botton

Right, I did not notice iOS and Android...

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Top 10 vulnerable languages for web app
  2015-12-04 18:34 ` David Botton
  2015-12-04 20:22   ` mockturtle
@ 2015-12-04 20:26   ` mockturtle
  2015-12-05  1:00     ` Paul Rubin
  1 sibling, 1 reply; 8+ messages in thread
From: mockturtle @ 2015-12-04 20:26 UTC (permalink / raw)


On Friday, December 4, 2015 at 7:34:56 PM UTC+1, David Botton wrote:
> > COBOL a scripting language?!?
> 
> Is ok, they list iOS and Android as languages too, at least COBOL could be used for "scripting".
> 
> David Botton

By the way, it would be amusing (for some value of "amusing") to code a web app in COBOL...


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Top 10 vulnerable languages for web app
  2015-12-04 20:26   ` mockturtle
@ 2015-12-05  1:00     ` Paul Rubin
  2016-04-08 22:37       ` Daniel Otte
  0 siblings, 1 reply; 8+ messages in thread
From: Paul Rubin @ 2015-12-05  1:00 UTC (permalink / raw)


mockturtle <framefritti@gmail.com> writes:
> By the way, it would be amusing (for some value of "amusing") to code
> a web app in COBOL...

Always my favorite:  http://coboloncogs.org


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Top 10 vulnerable languages for web app
  2015-12-04 18:10 Top 10 vulnerable languages for web app mockturtle
  2015-12-04 18:34 ` David Botton
@ 2015-12-05 17:12 ` Per Sandberg
  2016-01-02  0:13 ` Norman Worth
  2 siblings, 0 replies; 8+ messages in thread
From: Per Sandberg @ 2015-12-05 17:12 UTC (permalink / raw)


They must be "security experts" ;)


Den 2015-12-04 kl. 19:10, skrev mockturtle:
> Not strictly Ada-related, but I guess of some interest to this group...
>
> According to the following article
>
>     http://thehackernews.com/2015/12/programming-language-security.html
>
> Veracode published a report (available at https://goo.gl/QVSF1t , registration required) about vulnerabilities in web applications. PHP is at third place, after ColdFusion and Classic ASP (never heard of them...)
>
> One thing caught my attention in the article.  It says:
>
>    "...The security researchers crawled popular web scripting languages including
> PHP, Java, JavaScript, Ruby, .NET, C and C++, Microsoft Classic ASP, Android,
> iOS, and COBOL"
>           ^^^^^
>
> COBOL a scripting language?!?
>
> Enjoy
>
> Riccardo
>


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Top 10 vulnerable languages for web app
  2015-12-04 18:10 Top 10 vulnerable languages for web app mockturtle
  2015-12-04 18:34 ` David Botton
  2015-12-05 17:12 ` Per Sandberg
@ 2016-01-02  0:13 ` Norman Worth
  2 siblings, 0 replies; 8+ messages in thread
From: Norman Worth @ 2016-01-02  0:13 UTC (permalink / raw)


On 12/4/2015 11:10 AM, mockturtle wrote:
> Not strictly Ada-related, but I guess of some interest to this group...
>
> According to the following article
>
>     http://thehackernews.com/2015/12/programming-language-security.html
>
> Veracode published a report (available at https://goo.gl/QVSF1t , registration required) about vulnerabilities in web applications. PHP is at third place, after ColdFusion and Classic ASP (never heard of them...)
>
> One thing caught my attention in the article.  It says:
>
>    "...The security researchers crawled popular web scripting languages including
> PHP, Java, JavaScript, Ruby, .NET, C and C++, Microsoft Classic ASP, Android,
> iOS, and COBOL"
>           ^^^^^
>
> COBOL a scripting language?!?
>
> Enjoy
>
> Riccardo
>
The lesson seems to be that typical interpretive scripting languages are 
dangerous for the web.  Note that C and C++, while a bit vulnerable, are 
far safer than the scripting languages, and that interpreted languages 
are more susceptible to the more dangerous maladies like code insertion 
and command insertion.  Not surprising, really, when you consider how 
they work.

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Top 10 vulnerable languages for web app
  2015-12-05  1:00     ` Paul Rubin
@ 2016-04-08 22:37       ` Daniel Otte
  0 siblings, 0 replies; 8+ messages in thread
From: Daniel Otte @ 2016-04-08 22:37 UTC (permalink / raw)


On 05.12.2015 02:00, Paul Rubin wrote:
> mockturtle <framefritti@gmail.com> writes:
>> By the way, it would be amusing (for some value of "amusing") to code
>> a web app in COBOL...
> 
> Always my favorite:  http://coboloncogs.org
> 
I can add: http://azac.pl/cobol-on-wheelchair/


^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2016-04-08 22:37 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-12-04 18:10 Top 10 vulnerable languages for web app mockturtle
2015-12-04 18:34 ` David Botton
2015-12-04 20:22   ` mockturtle
2015-12-04 20:26   ` mockturtle
2015-12-05  1:00     ` Paul Rubin
2016-04-08 22:37       ` Daniel Otte
2015-12-05 17:12 ` Per Sandberg
2016-01-02  0:13 ` Norman Worth

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox