What Are the Most Prevalent Flaws in Your Programming Language?

A few months ago, we released our 12th annual State of Software Security (SOSS) Report. In our announcement blog, we noted new application development trends (like increased use of microservices and open-source libraries), the positive impact that Veracode Security Labs has on time to remediate security flaws, and the increased use of multiple application security scan types. But what we have yet to dive into is the security flaws we found in different programming languages.

Much like last year, we created an interactive heat map that lists out the most prevalent flaws by language along with an explanation of the flaw, supporting SOSS data, and tips for preventing the flaw.

It’s interesting to see that what is a common flaw in one language may not even be a concern in another. Take cross-site scripting (XSS), for example. It’s the most common flaw for PHP, appearing in 77.2 percent of applications, but it does not make the top 10 for C++.

For those of you familiar with last year’s heat map, you’ll notice that the top 10 security flaws for the majority of languages are relatively similar. The most noteworthy change is in JavaScript. Last year, XSS was the top flaw. This year, CRLF injection has taken the number one spot, moving XSS down to third.

But keep in mind that a flaw being less prevalent in your programming language this year than it was last year does not mean you should stop taking active steps to prevent it from reaching your code. Flaw patterns are constantly changing; what seems secure today may not be secure tomorrow. You need to be actively (and frequently) scanning both your own code and the third-party code your codebase depends on, and you should be training developers in secure coding best practices. Consider a tool like Veracode Security Labs, which teaches developers the skills and strategies needed to tackle evolving security threats by exploiting and patching real code. Our recent SOSS report found that organizations using Veracode Security Labs cut the time it takes to fix 50 percent of their flaws by an average of 35 percent.

Are you ready to learn about the most prevalent flaws in your programming language and how to stay secure? Check out our security flaw heat map, Beat the Heat.

Source

