Re: Languages/platforms used for Web apps. Any stats?

[Adam Shostack <adam () homeport org>]

On Sat, Jun 25, 2005 at 08:08:32AM -0400, Mark Curphey wrote:

| Also if the cost of entry is low, you will see less commitment. Less
| commitment will = less security. That is to say if my grand mother can write
| a simple PHP app but not "fast CCGI" then chances are she will not be able
| to write secure apps in either. One has a chance of making it on the net,
| the other not.  

I think this is key.  PHP (and VB.net) apps are often written by web
designers, UI experts, or novice programmers, because these languages
are easy.  So the folks writing them have less experience, less
training about security, and a lower chance of having an experienced
peer review their code.

I do know some serious programmers who use PHP because its fast and
easy, and in looking at their code, they seem to avoid a lot of the
mistakes that are associated with PHP.  One said something like 'yeah,
I looked up the "What not to do in PHP" page.'