7 Programming Languages Most Likely to Be Exploited by Cyber Attackers

by Ashraful Haque 1,716 views0

Whether you’re looking to update existing knowledge or acquire new skills, knowing the security implications of the language in question is critical to bolstering your application against security compromises. All software and computing systems are developed with programming languages; if not properly handled, programming language vulnerabilities eventually become exploitable software vulnerabilities.

Source: Duncan Hull / Flickr Creative Commons.
Source: Duncan Hull / Flickr Creative Commons.

What is a programming language?

For the uninitiated, a programming language is a systematic way to write coded instructions for a computing system to understand and execute. Programming languages are used to develop software programs, scripts, and other sets of instructions for computers to execute. C, C++, PHP, SQL, and Java are popular programming languages.

Some popular programming languages. Source: Daniel Iversen / Flickr Creative Commons.
Some popular programming languages. Source: Daniel Iversen / Flickr Creative Commons.

What is a programming language vulnerability?

Programming language vulnerabilities are weaknesses that permit cyber attackerseither via input or due to an explicit deviance in the codeto write and insert or execute malicious instructions to gain some advantage.

The following are 7 programming languages most likely to be exploited by cyber attackers.

7. ColdFusion

Source: adobe.com.
Source: adobe.com.

ColdFusion is a rapid application development (RAD) platform for building modern web applications. Designed to be expressive and powerful, ColdFusion consists of an application server framework that works with various web servers and databases to deliver dynamic content on-the-fly. In the past cyber attackers have installed data-stealing malware with ColdFusion that works as a module for Microsoft’s Internet Information Services (IIS) Web server software.

6. PHP

Source: php.net.
Source: php.net.

PHP is a highly popular programming language that serves as the foundation for leading open source content management systems (CMS) such as Drupal, Joomla, and WordPress. Cyber attackers have been successful in using various web scripting exploitation methods like SQL injection, XSS (Cross Site Scripting), and Source Code Revelation to compromise PHP web applications.

5. ASP

Source: microsoft.com.
Source: microsoft.com.

Microsoft’s Active Server Pages (ASP)—also known as Classic ASP—is a platform that enables scripts in web pages to be executed by a web server—usually Microsoft IIS. ASP applications’ security gaps usually involve input data that is not validated and sanitized.

4. Visual Basic

Source: microsoft.com.
Source: microsoft.com.

Visual Basic—also referred to as Visual Basic.NET or VB—is a major revision of earlier Microsoft VB products.  The object-oriented language is prone to a exploitation tactic called buffer overflowing. For example, Microsoft Animation ActiveX control in Visual Basic 6.0 allows remote cyber attackers to run arbitrary code via an AVI video file, causing memory corruption and allocation errors. Visual Basic applications are also prone to race conditions: an undesirable situation involving a device or system attempting to perform two or more sequential operations at the same time.

3. C#

Source: Wikimedia Commons.
Source: Wikimedia Commons.

C# (pronounced “C Sharp”) is a language that uses the fundamental operators and style of the C++ language while borrowing some concepts from Visual Basic. C# alleviates many common exploits such as buffer overflows and significantly improves the state of race conditions. With the .NET framework, C# allows applications to be scanned for vulnerabilities. However, C# is prone to other web application exploits, including SQL injection, packet-sniffing, session hacking, and cross-site scripting attacks.

2. JavaScript

Source: Nathan Smith / Flickr Creative Commons.
Source: Nathan Smith / Flickr Creative Commons.

JavaScript is a programming language used on web pages to make them more interactive. A more common JavaScript security vulnerability are cross-site scripting (XSS) weaknesses: flaws that allow cyber attackers to manipulate websites to return malicious scripts to visitors. These malicious scripts then execute on the client side in a manner determined by the attacker.

1. Java

Source: Wikimedia Commons.
Source: Wikimedia Commons.

Java remains most widely-used programming language used today; subsequently, its security weaknesses and flaws are also well-known. The language is multi-threaded (i.e., can handle multiple requests/processes) and can lead to some deadlock (two or more competing actions waiting for the other to finish) and race conditions if bad programming practices are used and exploited by cyber attackers.

The chart below summarizes each programming language’s relative performance when it comes to security policy compliance:

A breakdown of the top exploitable programming languages.
A breakdown of the top exploitable programming languages.

C and C++two compiled languagesare the only ones out of the lot demonstrating 60% compliance with security policies. The top two losers in this regard are scripting languages PHP and ASP, demonstrating a 19% and 17% test pass rate, respectively.

In short, all programming languages and applications can be exploited—not just the aforementioned 7. Ultimately, it’s up to the software programmer to understand the nuances of the chosen language, employ secure software design methods, institute proper validation and data cleansing, and other security practices.

 

Source(s):

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>