Comments on: The PHP App Insecurity Top 20 http://www.cerias.purdue.edu/weblogs/coj/secure-it-practices/post-86/the-php-app-security-top-20/ Privacy, Security and Information Assurance issues Fri, 16 May 2008 03:36:21 +0000 http://wordpress.org/?v=2.5.1 By: GiGi http://www.cerias.purdue.edu/weblogs/coj/secure-it-practices/post-86/the-php-app-security-top-20/#comment-48438 GiGi Thu, 19 Apr 2007 16:41:22 +0000 http://www.cerias.purdue.edu/weblogs/coj/secure-it-practices/post-86/the-php-app-security-top-20/#comment-48438 So what can we do about it? Not using those software or use something else, even Microsoft product does not save neither. Can Firwall help a lot but how? So what can we do about it?

Not using those software or use something else, even Microsoft product does not save neither.

Can Firwall help a lot but how?

]]> By: Ed Finkler http://www.cerias.purdue.edu/weblogs/coj/secure-it-practices/post-86/the-php-app-security-top-20/#comment-48428 Ed Finkler Thu, 19 Apr 2007 15:12:58 +0000 http://www.cerias.purdue.edu/weblogs/coj/secure-it-practices/post-86/the-php-app-security-top-20/#comment-48428 It might give a hint, but it could also be very misleading. PHP is a unique case in terms of widespread popularity and shallow learning curve. Doing "oranges to oranges" comparisons between a forum written in Perl and one done in PHP, and trying to extrapolate that to judge the security "potential" of the language itself, would be ignoring a huge number of significant variables. Even the data I present here isn't black and white, as there are a lot of issues that could contribute to higher or lower ratings. It might give a hint, but it could also be very misleading. PHP is a unique case in terms of widespread popularity and shallow learning curve. Doing “oranges to oranges” comparisons between a forum written in Perl and one done in PHP, and trying to extrapolate that to judge the security “potential” of the language itself, would be ignoring a huge number of significant variables. Even the data I present here isn’t black and white, as there are a lot of issues that could contribute to higher or lower ratings.

]]> By: Ryan http://www.cerias.purdue.edu/weblogs/coj/secure-it-practices/post-86/the-php-app-security-top-20/#comment-48409 Ryan Thu, 19 Apr 2007 12:43:26 +0000 http://www.cerias.purdue.edu/weblogs/coj/secure-it-practices/post-86/the-php-app-security-top-20/#comment-48409 I think it would be far more interesting to merge this list with one for Perl, Python, Ruby, Java, and .net based applications as well. A broad sampling of applications from all those platforms would give a hint as to how difficult it is to code a secure web applications in each language. I think it would be far more interesting to merge this list with one for Perl, Python, Ruby, Java, and .net based applications as well. A broad sampling of applications from all those platforms would give a hint as to how difficult it is to code a secure web applications in each language.

]]>