Top 10 insecure programming languages

New research finds that applications written in scripting languages carry the most web vulnerabilities

My first reaction to this news was disbelief, but the data backs it up. New research shows that scripting languages, in general, account for a disproportionate share of the security vulnerabilities found in web applications. The finding has unsettled many on the web, since millions of websites may be carrying security bugs that we were not aware of before.

Veracode, an application security firm, recently released its State of Software Security: Focus on Application Development report (the PDF is available too). It analyzes data from over 200,000 separate applications assessed between October 31, 2013 and March 31, 2015.

To prepare the report, the researchers analyzed applications written in most of the popular languages and platforms, including but not limited to

  • PHP,
  • Java,
  • JavaScript,
  • Ruby,
  • .NET,
  • C and C++,
  • Microsoft Classic ASP,
  • Android,
  • iOS,
  • and COBOL

covering hundreds of thousands of applications over the past 18 months.

The yardstick used for the per-language statistics is the OWASP (Open Web Application Security Project) Top 10: the analysis measured what share of applications written in each language passed an OWASP Top 10 policy. In short, Classic ASP and ColdFusion are the riskiest, and Java and .NET are the safest of the bunch. But safest does not mean completely shielded. The statistics for each language follow below.


Below is the list of the most insecure languages and platforms, ranked by flaw density (flaws per MB of code), with the density of critical flaws in parentheses:
  • Classic ASP – 1,686 flaws/MB (1,112 of them critical)
  • ColdFusion – 262 flaws/MB (227 of them critical)
  • PHP – 184 flaws/MB (47 of them critical)
  • Java – 51 flaws/MB (5.2 of them critical)
  • .NET – 32 flaws/MB (9.7 of them critical)
  • C/C++ – 26 flaws/MB (8.8 of them critical)
  • iOS – 23 flaws/MB (0.9 of them critical)
  • Android – 11 flaws/MB (0.4 of them critical)
  • JavaScript – 8 flaws/MB (0.09 of them critical)

Yet in practice the most exposed web apps are the PHP ones. Why, when PHP is only third on the list? Because ColdFusion serves a niche audience and Classic ASP is a legacy platform that few still build on, while PHP is everywhere.

A closer look at the PHP applications shows the following:

  • Almost 86% of applications written in PHP have at least one XSS (cross-site scripting) vulnerability
  • 56% of apps contained SQL injection (SQLi), which is easily exploitable
  • 67% of apps were vulnerable to directory traversal
  • 61% of apps were vulnerable to code injection
  • 58% of apps had problems with credential management
  • 73% of apps had cryptographic issues
  • 50% of apps were vulnerable to information leakage
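The three flaw classes that dominate the PHP numbers above (SQL injection, XSS and directory traversal) share one root cause: untrusted input reaches an interpreter or a file path with no boundary in between. The following is an added example written for this page, not code from the Veracode report or the original post. It shows each vulnerable pattern beside its hardened form, running against an in-memory SQLite database through PDO (it assumes PHP 8 with the pdo_sqlite extension loaded) with constructed sample data and a temporary directory, so it runs offline with `php example.php`.

```php
<?php
// Added example: vulnerable vs. hardened PHP for the three flaw classes above.
// Assumes PHP 8+ with pdo_sqlite. All data is constructed for the demonstration.
declare(strict_types=1);

function expect(bool $cond, string $what): void
{
    if (!$cond) { throw new RuntimeException("FAILED: $what"); }
}

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)');
$db->exec("INSERT INTO users (name, is_admin) VALUES ('alice', 0), ('bob', 1)");

// --- 1. SQL injection ---------------------------------------------------
// Vulnerable: the request parameter is spliced into the query text.
function findUserVulnerable(PDO $db, string $name): array
{
    return $db->query("SELECT name FROM users WHERE name = '$name'")->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: a prepared statement keeps the value out of the SQL grammar.
function findUserSafe(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$payload = "x' OR '1'='1";                      // constructed tautology payload
expect(count(findUserVulnerable($db, $payload)) === 2, 'injection dumps every user');
expect(findUserSafe($db, $payload) === [], 'prepared statement treats payload as a literal name');
expect(findUserSafe($db, 'alice') === ['alice'], 'prepared statement still finds real users');

// --- 2. Cross-site scripting -------------------------------------------
// Vulnerable: untrusted input echoed into HTML verbatim.
function greetVulnerable(string $name): string
{
    return "<p>Hello, $name</p>";
}

// Hardened: encode for the HTML context. ENT_QUOTES also covers attribute
// values; the explicit charset avoids multibyte encoding confusion.
function greetSafe(string $name): string
{
    return '<p>Hello, ' . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

$xss = '<script>alert(1)</script>';             // constructed XSS payload
expect(str_contains(greetVulnerable($xss), '<script>'), 'raw echo ships the script tag');
expect(greetSafe($xss) === '<p>Hello, &lt;script&gt;alert(1)&lt;/script&gt;</p>', 'encoded output is inert');

// --- 3. Directory traversal --------------------------------------------
// Vulnerable: a user-supplied file name is joined straight onto the base path.
function downloadPathVulnerable(string $baseDir, string $file): string
{
    return $baseDir . '/' . $file;
}

// Hardened: canonicalise both paths and require the target to stay inside the
// base directory. realpath() returns false for missing files; that is treated
// as "not allowed", never as a fallback to the raw path.
function downloadPathSafe(string $baseDir, string $file): ?string
{
    $base   = realpath($baseDir);
    $target = realpath($baseDir . '/' . $file);
    if ($base === false || $target === false) { return null; }
    // Compare against base + separator so "/srv/files2" cannot pass for "/srv/files".
    return str_starts_with($target, $base . DIRECTORY_SEPARATOR) ? $target : null;
}

// Constructed fixture: an uploads directory with one allowed file and a secret
// one level above it that the traversal payload reaches for.
$root = sys_get_temp_dir() . '/php-flaws-' . bin2hex(random_bytes(4));
mkdir("$root/uploads", 0700, true);
file_put_contents("$root/uploads/report.pdf", 'ok');
file_put_contents("$root/secret.txt", 'keys');

$traversal = '../secret.txt';
expect(file_get_contents(downloadPathVulnerable("$root/uploads", $traversal)) === 'keys', 'naive join escapes the directory');
expect(downloadPathSafe("$root/uploads", $traversal) === null, 'canonical check rejects traversal');
expect(downloadPathSafe("$root/uploads", 'report.pdf') === realpath("$root/uploads/report.pdf"), 'legitimate file still served');

echo "all three vulnerable/hardened pairs behaved as expected\n";

// Clean up the constructed fixture.
unlink("$root/uploads/report.pdf"); unlink("$root/secret.txt");
rmdir("$root/uploads"); rmdir($root);
```

The hardened forms are deliberately boring: parameters instead of string building, context-aware output encoding instead of blacklists, and a canonical-path prefix check instead of stripping `../`. Each of those removes a whole class from the percentages above rather than one payload at a time.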

The OWASP Top 10 itself changes slowly, but new vulnerabilities keep appearing in the same old categories, which keeps injection (SQL injection above all) and XSS (cross-site scripting) right at the top of the list.

So how do you tackle all this?

Using a scripting language wisely is your salvation. Fewer than a quarter of Java applications have SQL injection flaws, far below the 56% seen in PHP.

“Knowledge is amazing, but it is inconsequential if there is no wisdom behind that knowledge’s usage.”

BackBox Linux 4.4 System Requirements


What is BackBox?

BackBox is a Linux distribution based on Ubuntu. It is widely used for penetration testing and security auditing and ships with a large collection of penetration testing tools. Below are the system requirements for the latest release of BackBox.


Thinking about a Live CD or USB?

You can run BackBox as a live OS from a DVD or USB drive, or install it in VirtualBox or on a hard drive. Before you start the installation, make sure your machine meets the requirements to run and install BackBox.

BackBox system requirements:

  • 32-bit or 64-bit processor
  • 512 MB of system memory (RAM)
  • 6 GB of disk space for installation
  • Graphics card capable of 800×600 resolution
  • DVD-ROM drive or USB port (2 GB)


BackBox Linux 4.4 released


Ubuntu 14.04-based penetration testing distribution BackBox Linux 4.4 released

The BackBox team has officially announced the release of BackBox Linux 4.4. This release adds new features to bring the distribution up to date with the security world, and it is a great release for hackers and penetration testers.
Want to download it?
The latest ISO images are available from:

http://www.backbox.org/downloads


What is new in this release?

According to the team's blog post, the newly added features are the following:
  • Preinstalled Linux Kernel 3.19
  • New Ubuntu 14.04.3 base
  • Ruby 2.1
  • Installer with LVM and Full Disk Encryption options
  • Handy Thunar custom actions
  • RAM wipe at shutdown/reboot
  • System improvements
  • Upstream components
  • Bug corrections
  • Performance boost
  • Improved Anonymous mode
  • Automotive Analysis category
  • Predisposition to ARM architecture (armhf Debian packages)
  • Predisposition to Cloud platform
  • New and updated hacking tools: apktool, armitage, beef-project, can-utils, dex2jar, fimap, jd-gui, metasploit-framework, openvas, setoolkit, sqlmap, tor, weevely, wpscan, zaproxy, etc.

Requirements for this Linux 4.4 operating system

Check out the system requirements listed above.