Is Your Language of Choice a Major Flaw Offender?
In volume 11 of our annual State of Software Security (SOSS) report, we uncovered some valuable nuggets of information about how you, the innovative developers of our world, can craft more secure code. For example, did you know that scanning via API improves the time to remediate 50 percent of security flaws by about 17 days, or that C++ and PHP languages have an alarmingly high number of severe security flaws and need greater attention?
It???s not enough to simply stay on top of the biggest flaw offenders and the latest trends. If you want to improve the quality of your code, you need to take that information and apply it to the tools, processes, and languages that you use every day. Knowing these trends in application security before you sit down to code means you???re prepared to fix them quickly or ??? even better ??? prevent them altogether.
This year???s edition of SOSS comes equipped with a standalone report and an interactive heat map to help you do just that; our Flaw Frequency by Language infosheet explores vulnerability trends in various common languages to highlight everyday risks so that you can get ahead of them. This breakdown of the data, which includes information from 130,000 application scans, tells us which languages tend to house the most critical flaws:
???
If C++, PHP, .Net, or Java are your languages of choice, take note ??? they???re prone to some of the riskiest vulnerabilities around. In fact, a whopping 59 percent of C++ applications have high and very high-severity flaws, with PHP coming in at a close second place.
???
The worm map above is a visual representation of just how prevalent certain flaws are in the languages they impact the most. You can see that (despite being in second place) PHP has a high frequency of risky flaws like Cross-Site Scripting (XSS), cryptographic issues, directory traversal, and information leakage exploits. Another interesting note; you can tell from this worm map that Python and JavaScript are quite similar when it comes to flaw frequency, with fewer occurrences of those high-risk flaws.
???
Further breaking down flaw frequency by language, our interactive heat map is a helpful tool for understanding just how risky some of these exploits can be in your languages of choice. Simply click through the vulnerabilities to see the data, gain insight into why these flaws are so dangerous, and learn how to prepare yourself for tackling these exploits before they become a problem in your code.
Now more than ever, it???s critical that you can write code faster and more efficiently to keep up with the demand for modern software development, all with security at top of mind. When you have the right security tools and knowledge integrated into each stage of your coding process, language-specific exploits don???t have to become roadblocks.
For more information, read our companion guide on flaw frequency by language and click through our interactive heat map to learn about the most prevalent flaws and how to prevent them.
*** This is a Security Bloggers Network syndicated blog from Application Security Research, News, and Education Blog authored by [email protected] (mmcbee). Read the original post at: https://www.veracode.com/blog/secure-development/your-language-choice-major-flaw-offender
