[Info-vax] OS implementation languages
Chris Townley
news at cct-net.co.uk
Sat Sep 9 19:22:28 EDT 2023
On 09/09/2023 22:35, Arne Vajhøj wrote:
> On 9/9/2023 11:16 AM, Arne Vajhøj wrote:
>> PHP does not have many of the common general flaws like
>> buffer overflow and memory leak.
>>
>> PHP has got all the features needed for secure web applications.
>>
>> Some old features that were questionable from a security
>> perspective have been removed. Classic example is register_globals
>> that has been off by default since version 4.2 (21 years ago) and
>> was finally removed in version 5.4 (8 years ago).
>>
>> The most widely used frameworks have added features to make it
>> easy to avoid common web security problems. Example: Laravel
>> always checks for a token to prevent CSRF.
>
> And CSRF is a real problem.
>
> On OWASP top ten it made:
>
> 2007 - 5th
> 2010 - 5th
> 2013 - 8th
> 2017 - missing
> 2021 - 10th
> 2023 API - 7th
>
> Modern web frameworks like PHP Laravel, ASP.NET MVC, RoR,
> JSF etc. have built-in anti-forgery token support to prevent
> CSRF.
>
> Arne
>
CSRF - what is it?
--
Chris
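
The anti-forgery token check mentioned in the quoted text, as an added example that is not part of the original posts and not Laravel's own code: the server stores a random token in the session, embeds it in its own forms, and refuses state-changing requests that do not send it back. The function names and the array standing in for `$_SESSION` are hypothetical; `_token` is used as the form field name.

```php
<?php
declare(strict_types=1);

// Issue one unpredictable token per session and keep it server-side.
// $session is a constructed stand-in for $_SESSION so this runs from the CLI.
function csrf_issue(array &$session): string
{
    if (!isset($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 64 hex chars
    }
    return $session['csrf_token'];
}

// Decide whether a request may proceed (hypothetical helper).
function csrf_check(array $session, string $method, array $post): bool
{
    // Read-only methods must not change state, so they carry no token.
    if (in_array($method, ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true;
    }
    $expected  = $session['csrf_token'] ?? '';
    $submitted = $post['_token'] ?? '';
    // Reject a missing session token and non-string input such as _token[]=x.
    if ($expected === '' || !is_string($submitted)) {
        return false;
    }
    // hash_equals compares in constant time, so timing does not leak the token.
    return hash_equals($expected, $submitted);
}

$session = [];
$token   = csrf_issue($session); // would be rendered into a hidden form field

// Constructed sample requests: [method, POST body].
$requests = [
    'form rendered by the site'   => ['POST', ['_token' => $token, 'amount' => '10']],
    'POST without a token'        => ['POST', ['amount' => '10']],
    'POST with a guessed token'   => ['POST', ['_token' => str_repeat('0', 64)]],
    'POST with an array as token' => ['POST', ['_token' => ['x']]],
    'read-only GET'               => ['GET', []],
];

foreach ($requests as $label => [$method, $post]) {
    $verdict = csrf_check($session, $method, $post) ? 'accepted' : 'rejected';
    printf("%-30s %s\n", $label, $verdict);
}
```

Only the first and last requests are accepted. The session cookie alone is not enough, because the browser sends it automatically with every request to the site, while the token has to be read from a page the site itself rendered.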