Web Security Myths

Web Security Myths and programming languages.

Posted by

Talking about web security I have come across many computer science people and few novice but concerned oriented people asking me which programming language is best for their website or web application. Some believe that Java is more secure as compared to others. Java of course is popular and its name is known even among those who born in 60s and 70s. You know, a kind of “old is gold” theory is here.

So which one is more secure comparing the popularity among Java, .Net, PHP, Ruby and other web programming languages. It’s still a debate. I visited an institute that day when a career counselor advised me that those who are brilliant students should go for Java, those who are above average should go for .Net and those who are just average or poor should go for PHP. Interesting! Isn’t it. Ha ha ha! Does that mean Facebook is developed by poor students?

Some believe that going for framework is more safe for web security. I argue that a vulnerability, if ever, in any framework is also known to everyone because frameworks are popular. Hackers, generally target CMS or Framework based websites/applications as compared to custom developed applications. Someone may contradict the statement that custom developed applications are not secure. WHY? Well, the answer lies in the security features frameworks provides, like Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), SQL Injection, Customized Error Messages, Data Sanitization and Validation, Directory Traversal and Secure Password.

Who has developed these frameworks? Ofcourse programmers have developed. So, which programming language is more secure? You will surprise to know that all programming languages are equally up and down in most of the features and cannot be compared with anyone. Awesome products are developed by developers in the language they are expert in and likewise the security of website and web application is also the duty of a developer/programmer to take care of. Concluding everything I would say that security of web programming languages lies in the hands of a programmer developing it.

Hiring an expert is costly but long time investment and application safety. That’s all in this article today. See you soon with another interesting topic. Thanks for reading and stay blessed.