Thread: 5 programming languages that have hidden exploitable flaws exposing apps to attacks

  1. #1
    sedna

    5 programming languages that have hidden exploitable flaws exposing apps to attacks

    Is it always the bad coders who introduce security issues or can it be the programming languages too that expose apps to attack? According to one researcher even the languages have inherent flaws that put applications parsed by them at security risk.

    IOActive researcher Fernando Arnaboldi says that apps “may be susceptible to unpredictable security issues when using certain features from programming languages.” He has focused on the top five interpreted programming languages in his research, including JavaScript, Perl, PHP, Python, and Ruby.

    "There are a number of possibilities to be abused in different implementations that could affect secure applications. There are unexpected scenarios for the interpreted programming languages parsing the code in Javascript, Perl, PHP, Python and Ruby."

    This means that even if an application has been securely developed, it may still carry unidentified vulnerabilities in the underlying programming languages. Since many of these are well-known flaws, attackers can potentially target these flaws (in the programming language) to modify an app’s behavior or target its users.

    “This means applications are only as secure as the programming languages parsing the code.”

    In Ruby, for example, the open() function is typically used to request URLs with the open-uri library. However, it can also be used to execute operating system commands remotely with weak input validation and a pipe.

    In Python’s example, Arnaboldi said the programming language has “undocumented methods and local environment variables that can be used for OS command execution.” In PHP, certain functions can be passed a constant’s name to execute remote commands; NodeJS could leak file contents through error messages it outputs, and so on.

    “The vulnerabilities ultimately impact regular applications parsed by the affected interpreters; however, the fixes should be applied to the interpreters,” Arnaboldi said. “Software developers may unknowingly include code in an application that can be used in a way that the designer did not foresee,” he added. “Some of these behaviors pose a security risk to applications that were securely developed according to guidelines.”
    jimmy7, HarryBosch, kirill and 4 others like this.
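
The Ruby case from the first post, as an added example that is not part of the original thread or of Arnaboldi's research: a loose check beside a strict one that parses the input, allows only http/https, and fetches with Net::HTTP instead of `open()`. The names `weak_check`, `remote_uri_or_nil`, `fetch` and the sample inputs are constructed for illustration.

```ruby
require "uri"
require "net/http"

ALLOWED_SCHEMES = %w[http https].freeze

# Constructed sample: looks URL-like to a loose check, but begins with a pipe.
PIPE_SAMPLE = "|echo constructed-sample http://example.invalid/".freeze

# Kernel#open treats a path that starts with "|" as a command to run.
def spawns_subprocess?(input)
  input.to_s.start_with?("|")
end

# The kind of weak validation the post refers to: "it mentions http, so it is a URL".
def weak_check(input)
  input.to_s.include?("http")
end

# Strict validation: the whole input must parse as an absolute http(s) URI
# with a host. Returns the parsed URI, or nil for anything else.
def remote_uri_or_nil(input)
  return nil unless input.is_a?(String)
  uri = URI.parse(input)
  return nil unless ALLOWED_SCHEMES.include?(uri.scheme&.downcase)
  return nil if uri.host.nil? || uri.host.empty?
  uri
rescue URI::InvalidURIError
  nil
end

# Fetch without going through Kernel#open at all, so no input can reach
# the pipe or local-file code paths.
def fetch(input)
  uri = remote_uri_or_nil(input)
  raise ArgumentError, "refusing non-HTTP(S) input" if uri.nil?
  Net::HTTP.get_response(uri)
end

if $PROGRAM_NAME == __FILE__
  [PIPE_SAMPLE, "file:///etc/hostname", "https://example.invalid/feed.xml"].each do |s|
    puts format("%-50s weak=%-5s strict=%-5s pipe=%s",
                s, weak_check(s), !remote_uri_or_nil(s).nil?, spawns_subprocess?(s))
  end
end
```
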

  2. #2
    DeenDeen
    I liked your post, as I just discovered really new and helpful info here. What do you think about Java and Python perspectives? Seems like Python is becoming more and more demanded, meanwhile Java still keeps leadership on digital market. Java developers still can boast with the biggest salaries, here is a very detailed and up-to-date research https://diceus.com/java-developer-salary/ .
    sedna likes this.

  3. #3
    sedna
    Quote Originally Posted by DeenDeen View Post
    I liked your post, as I just discovered really new and helpful info here. What do you think about Java and Python perspectives? Seems like Python is becoming more and more demanded, meanwhile Java still keeps leadership on digital market. Java developers still can boast with the biggest salaries, here is a very detailed and up-to-date research https://diceus.com/java-developer-salary/ .
    It depends on what you are looking for. If earnings is what interests you then Java will still be king in the near future but Python will continue to grow.
    I haven't done a complete research lately though, but I doubt anything worth mentioning has changed.
    DeenDeen likes this.

  4. #4
    DeenDeen
    Quote Originally Posted by Xanadu View Post
    It depends on what you are looking for. If earnings is what interests you then Java will still be king in the near future but Python will continue to grow.
    I haven't done a complete research lately though, but I doubt anything worth mentioning has changed.
    Thanks! Agree!
    sedna likes this.

