WebApp Sec mailing list archives

RE: Languages/platforms used for Web apps. Any stats?


From: "Mark Curphey" <mark () curphey com>
Date: Sat, 25 Jun 2005 08:08:32 -0400

Large organizations tend to use Java and .NET
Small to Medium Size organizations often tend to use LAMP
(Exceptions exist everywhere in life)
People on discussion lists / BBS tend to be the passionate few
Passionate people tend to work for smaller companies

Therefore I would suggest that the reporting on the number of issues with
PHP is not a good indication of its security posture due to:

A disproportionate amount of bugs reported versus actual implementations
This might be explained by a bias of a type of person talking about things
they use in public (whereas their counterpart typically discusses this less
(less passion maybe ;-)) 

Also if the cost of entry is low, you will see less commitment. Less
commitment will = less security. That is to say if my grandmother can write
a simple PHP app but not "fast CGI" then chances are she will not be able
to write secure apps in either. One has a chance of making it on the net,
the other not.  

At work I honestly can't remember the last time we reviewed a PHP app for a
client. This may be because we mainly deal with Fortune 1000 / gov (larger
orgs) but for us it would be less than 0.5 percent.

That said if you take a look at some of the fundamental language issues as
AJV suggested I would hypothesize PHP has a lot to work with. Also if you
look at ASP.NET you would struggle to disagree that MS have not done a good
job of making security easy (especially in ASP.NET 2.0) for the drag and
drop brigade.  




-----Original Message-----
From: prep () prep synonet com [mailto:prep () prep synonet com] 
Sent: Saturday, June 25, 2005 4:26 AM
To: livshits () cs stanford edu
Cc: webappsec () securityfocus com
Subject: Re: Languages/platforms used for Web apps. Any stats?

The best source I know of is Netcraft,
http://www.netcraft.net

They do regular updates on who is running what for servers and on a lesser
basis, apps as well.

-- 
Paul Repacholi                               1 Crescent Rd.,
+61 (08) 9257-1001                           Kalamunda.
                                             West Australia 6076
comp.os.vms,- The Older, Grumpier Slashdot Raw, Cooked or Well-done, it's
all half baked.
EPIC, The Architecture of the future, always has been, always will be.

