WebApp Sec mailing list archives
RE: [OWASP-GUIDE] Question concerning usage of languages for webapps
From: "Imperva Application Defense Center" <adc () imperva com>
Date: Sun, 16 May 2004 14:05:16 +0200
Dear List,

I have to say I find the results troubling, as they are very open-source oriented, rather than real-world industry oriented. Our company has performed several hundred PT's in the last few years. Only very few were PHP (less than 5). I agree you may find many PHP sites online, but the majority of these sites are free or small sites. Most commercial organizations that run business applications do not use PHP, but rather one of the commercial infrastructures.

Same reference goes to Perl. Perl has lost most of its popularity in real world web applications. It can still be seen often, again, in non-commercial sites, yet it is not as widely used as it was used 5-7 years ago, when CGI's were the mainstream of web applications.

On the other hand, I find the low ranking of ASP applications very surprising. This is, of course, an old technology, which is slowly being replaced with ASP.Net, yet is still widely used (and probably still used a lot more than ASP.Net). Therefore, although new applications written from scratch are likely to be written in ASP.Net, there is a lot of code that is still being written in ASP, as part of existing applications, which makes it, in my opinion, probably the most important or second most important infrastructure.

It is my belief that such a document should refer to what's mostly used in the industry, and therefore put the two main commercial technologies (mainly ASP/ASP.Net and Java/JSP) as the top priority.

As for other content infrastructure, such as ColdFusion, Vignette, DB-Specific environments, etc - there are so many of them, that I think there should be general guidelines, which should be written clearly enough so that developers will be able to deduce from them about the specific technology in use.

Sincerely,

Ofer Maor
Application Defense Center Manager
Imperva(tm) Inc.
http://www.imperva.com/adc/

-----Original Message-----
From: Adrian Wiesmann [mailto:awiesmann () swordlord org]
Sent: Friday, May 14, 2004 7:59 PM
To: webappsec () securityfocus com
Subject: Re: [OWASP-GUIDE] Question concerning usage of languages for webapps

Hello list

Thank you for your help concerning my question about web application languages usage. Please note that I neither counted the total sum of replies nor is the list below in any way representative. I only use it to decide on which language to cover in the OWASP Guide v2.

Here are the results in one simple list. The numbers below the language names represent the number of times the language was mentioned (so one user could mention multiple languages, but every language only one time).

One speciality is the ASP.NET line. The number left of the equals sign is the total number of mentions and the numbers on the right define which languages are used within the .NET framework. This means that one developer can use both C# and VB.NET. (But this counts only once.)

PHP
14

Java/JSP
10

Perl
9 (one person said perl for backend purposes and php for frontend)

ASP.NET (undefined/C#/VB.NET)
9 = 5 / 3 / 2

ASP
5

Python
3

PL/SQL
2

TSQL
2

ColdFusion
1

Sybase PowerScript
1

TCL
1

C
1

Delphi
1

JavaScript
1

The interpretation of the result is yours :)

Thanks again for your help,
Adrian