Analysis of the dependence of code security on the programming language used

Veracode, a security auditing company, has published a comparison of programming languages by the security of the code written in them. The report was prepared from the results of static analysis of more than 130 thousand applications.

Security problems were detected in 76% of the tested applications, and in 24% of applications the problems found were classified as dangerous. In every third application, most of the problems were caused by the use of third-party code and external libraries. By programming language, dangerous problems were found in 59% of the analyzed C++ applications, 52.6% of PHP applications, 25% of .NET applications, 23.8% of Java applications, 9.6% of Python applications and 8.6% of JavaScript applications.

When all errors are considered, PHP code was the most problematic: the most common problems in PHP applications are cross-site scripting (74.6%), encryption problems (71.6%), directory traversal, i.e. escaping the base directory (64.6%), information leaks (63.3%), initialization with unverified data (61.7%) and code injection (48%).

In C++ projects, the most common problems are associated with incorrect error handling (66.5%) and buffer handling (46.8%).
In Java code, the leading problems are CRLF (line feed) injection (64.4%) and code quality problems (54.3%). In Python applications, cryptography problems (35%) and cross-site scripting (22.2%) rank first. JavaScript is dominated by cross-site scripting (31.5%) and account management errors (29.6%).
