[Info-vax] OS implementation languages

Arne Vajhøj arne at vajhoej.dk
Sat Sep 9 17:35:02 EDT 2023


On 9/9/2023 11:16 AM, Arne Vajhøj wrote:
> PHP does not have many of the common general flaws like
> buffer overflow and memory leak.
> 
> PHP has all the features needed for secure web applications.
> 
> Some old features that were questionable from a security
> perspective have been removed. Classic example is register_globals,
> which has been off by default since version 4.2 (21 years ago) and
> was finally removed in version 5.4 (8 years ago).
> 
> The most widely used frameworks have added features to make it
> easy to avoid common web security problems. Example: Laravel
> always checks for a token to prevent CSRF.

And CSRF is a real problem.

On OWASP top ten it made:

2007 - 5th
2010 - 5th
2013 - 8th
2017 - missing
2021 - 10th
2023 API - 7th

Modern web frameworks like PHP Laravel, ASP.NET MVC, RoR,
JSF etc. have built-in anti-forgery token support to prevent
CSRF.

Arne
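As an added illustration of the anti-forgery token support mentioned above (example code written for this page, not Laravel's or any other framework's implementation): the synchronizer-token pattern issues a random secret per session, embeds it in every form the application renders, and rejects any state-changing request that does not echo it back. The function names and the array standing in for `$_SESSION` are assumptions so the script runs from the command line.

```php
<?php
// Added example of the synchronizer-token CSRF defence (not code from the
// post or from Laravel). Session storage is simulated with an array so the
// script runs from the CLI without a web server.

declare(strict_types=1);

/** Create a fresh token and remember it server-side in the session. */
function csrf_issue_token(array &$session): string
{
    // 32 bytes from the CSPRNG, hex-encoded for safe embedding in HTML.
    $token = bin2hex(random_bytes(32));
    $session['csrf_token'] = $token;
    return $token;
}

/** Render the hidden form field that carries the token back to the server. */
function csrf_hidden_field(string $token): string
{
    return '<input type="hidden" name="_token" value="'
        . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
}

/** Check the token submitted with a state-changing (POST) request. */
function csrf_verify(array $session, array $post): bool
{
    $expected  = $session['csrf_token'] ?? null;
    $submitted = $post['_token'] ?? null;
    if (!is_string($expected) || !is_string($submitted)) {
        return false;   // no session token issued, or none submitted
    }
    // hash_equals() compares in constant time, so the comparison itself
    // does not leak how many leading characters matched.
    return hash_equals($expected, $submitted);
}

// --- Demo with constructed requests ---------------------------------------
$session = [];
$token   = csrf_issue_token($session);
echo csrf_hidden_field($token), PHP_EOL;

// A form submitted from the application's own page carries the token.
var_dump(csrf_verify($session, ['_token' => $token]));

// A request forged from another origin cannot read the token, so it either
// omits the field or sends a wrong value; both are rejected.
var_dump(csrf_verify($session, []));
var_dump(csrf_verify($session, ['_token' => 'not-the-real-token']));
```

The first `var_dump` prints `bool(true)`, the other two print `bool(false)`. Frameworks add the rotation, cookie and middleware plumbing around this core, but the check a request has to pass is the same: a secret the browser will only send from the site's own pages, compared in constant time.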