Veracode discovers the main security issues facing specific programming languages
“Knowing these trends in application security before you sit down to code means you’re ready to fix them quickly, or better yet, avoid them altogether,” wrote Meghan McBee, senior content marketing manager at Veracode, in a post. “If C++, PHP, .Net, or Java are your languages of choice, take note that they are subject to some of the more risky vulnerabilities. In fact, 59% of C++ applications have high and very high severity vulnerabilities, with PHP coming in second.”
The company has developed an interactive heat map to display major programming languages and their flaws, as well as how those flaws can be avoided.
According to the heat map, the main vulnerabilities in .NET include information leakage, code quality, insufficient input validation, and cryptographic issues. The C++ issues are error handling, buffer handling errors, numeric errors, directory traversal, and cryptographic issues. Java's include CRLF injection, code quality, information leakage, cryptographic issues, and directory traversal.
“It is unrealistic to expect developers to write project code every time they work on an application, but it is essential that they be able to find and fix vulnerabilities according to a schedule that will not create more bottlenecks. Implementing secure coding practices and increasing developer know-how for per-language vulnerabilities can help ensure that the security of your applications (and sensitive data) is where it needs to be to keep up with modern software development,” said the company in its Software Security Status: Defect Frequency Report by Language.
The full list of issues is available here.