If you're a developer writing code in .NET, C++, Java, JavaScript, PHP or Python, new research highlights the main security vulnerabilities you need to watch out for.
Static code analysis security firm Veracode has released numbers on the types of vulnerabilities that are most prevalent in 130,000 apps it scanned for security issues.
It has looked at bug trends across apps written in .NET, C++, Java, JavaScript, PHP or Python. The numbers are compiled in Veracode's State of Software Security volume 11 report[1].
For JavaScript, the most popular language for front-end development, Veracode found that 31.5% of these apps have at least one cross-site scripting (XSS) flaw, while it found 74.6% of apps written in PHP have at least one XSS flaw. Additionally, 71% of PHP apps have cryptographic issues.
The main issue for applications written in .NET is information leakage, found in 62.8% of .NET apps, while for C++, error handling is the top issue, found in 66.5% of these apps.
And for Java apps, the top flaw found is carriage return line feed (CRLF) injection, present in 64.4% of them. Finally, the top security problem for Python apps, present in 35% of them, relates to cryptography.
There is also a major difference between the severity of flaws found in apps in each language. Veracode found that 59% of apps written in C++ and 52% of apps written in PHP have high-severity flaws. However, it found only 9.6% of apps written in JavaScript have high-severity flaws. The high-severity flaw figure for Java is 24%.
Veracode chief research officer Chris Eng explained to ZDNet why some of these trends in vulnerabilities in apps written in different languages are occurring and how to ensure they don't become