Torrent Invites! Buy, Trade, Sell Or Find Free Invites, For EVERY Private Tracker! HDBits.org, BTN, PTP, MTV, Apollo, Bibliotik, RED, BitMe, BitMeTV, IPT, TL, PHD etc!



Results 1 to 4 of 4
Like Tree10Likes
  • 7 Post By Xanadu
  • 1 Post By DeenDeen
  • 1 Post By Xanadu
  • 1 Post By DeenDeen

Thread: 5 programming languages that have hidden exploitable flaws exposing apps to attacks

  1. #1
    Trial Moderator
    Xanadu's Avatar
    Reputation Points
    221516
    Reputation Power
    100
    Join Date
    Apr 2014
    Posts
    5,634
    Time Online
    205 d 3 h 57 m
    Avg. Time Online
    3 h 21 m
    Mentioned
    681 Post(s)
    Quoted
    139 Post(s)
    Liked
    9806 times
    Feedbacks
    172 (100%)

    5 programming languages that have hidden exploitable flaws exposing apps to attacks

    Is it always the bad coders who introduce security issues or can it be the programming languages too that expose apps to attack? According to one researcher even the languages have inherent flaws that put applications parsed by them at security risk.

    IOActive researcher, Fernando Arnaboldi, says that apps “may be susceptible to unpredictable security issues when using certain features from programming languages.” He has focused on top five interpreted programming languages in his research, including JavaScript, Perl, PHP, Python, and Ruby.

    "There are a number of possibilities to be abused in different implementations that could affect secure applications. There are unexpected scenarios for the interpreted programming languages parsing the code in Javascript, Perl, PHP, Python and Ruby."

    This means that even if an application has been securely developed, it may still carry unidentified vulnerabilities in the underlying programming languages. Since many of these are well known flaws, attackers can potentially target these flaws (in the programming language) to modify app’s behavior or target their users.

    “This means applications are only as secure as the programming languages parsing the code.”

    In Ruby, for example, the open() function is typically used to request URLs with the open-uri library. However, it can also be used to execute operating system commands remotely with weak input validation and a pipe.

    In Python’s example, Arnaboldi said the programming language has “undocumented methods and local environment variables that can be used for OS command execution.” In PHP, certain functions can be passed a constant’s name to execute remote commands; NodeJS could leak file contents through error messages it outputs, and so on.

    “The vulnerabilities ultimately impact regular applications parsed by the affected interpreters; however, the fixes should be applied to the interpreters,” Arnaboldi said. “Software developers may unknowingly include code in an application that can be used in a way that the designer did not foresee,” he added. “Some of these behaviors pose a security risk to applications that were securely developed according to guidelines.”

  2. #2
    New user DeenDeen's Avatar
    Reputation Points
    10
    Reputation Power
    1
    Join Date
    Feb 2018
    Posts
    8
    Time Online
    1 h 37 m
    Avg. Time Online
    1 m
    Mentioned
    0 Post(s)
    Quoted
    2 Post(s)
    Liked
    2 times
    Feedbacks
    0
    I liked your post, as I just discovered really new and helpful info here. What do you think about Java and Python perspectives? Seems like Python is becoming more and more demanded, meanwhile Java still keeps leadership on digital market. Java developers still can boast with the biggest salaries, here is a very detailed and up-to-date research https://diceus.com/java-developer-salary/ .
    Xanadu likes this.

  3. #3
    Trial Moderator
    Xanadu's Avatar
    Reputation Points
    221516
    Reputation Power
    100
    Join Date
    Apr 2014
    Posts
    5,634
    Time Online
    205 d 3 h 57 m
    Avg. Time Online
    3 h 21 m
    Mentioned
    681 Post(s)
    Quoted
    139 Post(s)
    Liked
    9806 times
    Feedbacks
    172 (100%)
    Quote Originally Posted by DeenDeen View Post
    I liked your post, as I just discovered really new and helpful info here. What do you think about Java and Python perspectives? Seems like Python is becoming more and more demanded, meanwhile Java still keeps leadership on digital market. Java developers still can boast with the biggest salaries, here is a very detailed and up-to-date research https://diceus.com/java-developer-salary/ .
    It depends of what you are looking for.If earnings is what interests you then Java will still be king in the near future but Python will continue to grow.
    I haven't done a complete research lately though,but I doubt anything worth mentioning has changed.

  4. #4
    New user DeenDeen's Avatar
    Reputation Points
    10
    Reputation Power
    1
    Join Date
    Feb 2018
    Posts
    8
    Time Online
    1 h 37 m
    Avg. Time Online
    1 m
    Mentioned
    0 Post(s)
    Quoted
    2 Post(s)
    Liked
    2 times
    Feedbacks
    0
    Quote Originally Posted by Xanadu View Post
    It depends of what you are looking for.If earnings is what interests you then Java will still be king in the near future but Python will continue to grow.
    I haven't done a complete research lately though,but I doubt anything worth mentioning has changed.
    Thanks! Agree!
    Xanadu likes this.


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •