Many programmers argue that one programming language is more secure and powerful than the others, but in fact every programming language has its own pros and cons, and a task done well in one language may or may not be done as effectively in another.
E.g., developing an Android application will be more efficient with Java than with Python.
Some developers and researchers claim that certain languages are more or less secure than others. To judge that claim, we need to consider the many factors that go into choosing a programming language, and it’s up to us, when we use it, to do everything we can to ensure our software project’s security.
A recent report on the security of programming languages was released by the security research company WhiteSource. The vulnerabilities and issues it encountered include XSS (Cross-Site Scripting), input validation, permissions, privileges, information leaks, and access control. According to the report, the most widely used and vulnerable programming languages are:
- C [47%]
- PHP [17%]
- Java [12%]
- JavaScript [11%]
- Python and C++ [6%]
Security Vulnerability
Now we will look at the vulnerabilities of each programming language in detail.
C
C is one of the older programming languages in the industry. It is a procedure-oriented programming language, and it laid the foundation for later languages such as Java, PHP, and JavaScript.
The main features of C language include:
- Low-level access to memory
- A simple set of keywords
- Clean Coding Style
These features make the C language suitable for system programming, such as operating system or compiler development.
The most common vulnerabilities in C programming are:
Buffer Overflow Error: The most common buffer overflows are:
- Stack-based buffer overflow
- Heap-based buffer overflow
Format String Vulnerability: It occurs if an attacker is able to specify the format string passed to a format function. If the format string that is received differs from the one that is expected, such as being longer or shorter than the allocated data space, the program may crash, quit, or make up for the missing information by reading extra data from the stack, allowing the execution of malicious code.
Some examples of format functions which, if not handled carefully, can expose the application to a format string attack are fprintf, printf, sprintf, snprintf, vfprintf, and vprintf.
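The vulnerable pattern next to its hardened form, as an added example that is not part of the original article. The function names are hypothetical, and the sample input uses only `%%`, which consumes no arguments, so the difference in interpretation can be observed with well-defined behaviour.

```c
#include <stdio.h>
#include <string.h>

/* VULNERABLE: untrusted text is passed as the format string itself.
   Compilers flag this (-Wformat-security); silenced here on purpose. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int render_unsafe(char *out, size_t out_len, const char *user_text)
{
    return snprintf(out, out_len, user_text);
}
#pragma GCC diagnostic pop

/* HARDENED: constant format string, untrusted text is only ever data. */
int render_safe(char *out, size_t out_len, const char *user_text)
{
    return snprintf(out, out_len, "%s", user_text);
}

/* Review helper: count conversion directives in text that should have
   been plain data ("%%" is a literal percent sign, not a directive). */
size_t count_directives(const char *text)
{
    size_t n = 0;
    for (const char *p = text; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') { p++; continue; }   /* escaped percent */
        if (p[1] != '\0')
            n++;
    }
    return n;
}

int main(void)
{
    const char *input = "discount 100%% today";   /* constructed sample */
    char a[64], b[64];
    render_unsafe(a, sizeof a, input);   /* "%%" is interpreted as "%" */
    render_safe(b, sizeof b, input);     /* text is copied unchanged   */
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return 0;
}
```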
Integer errors: These are not exploitable vulnerabilities by themselves, but exploitation of these errors could lead to a situation where the program becomes vulnerable to one of the previously described vulnerabilities.
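How an integer error turns into the buffer overflow described earlier, shown with a size calculation and its checked counterpart. This is an added example, not code from the original article; the function names and the hostile length value are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* UNCHECKED: size_t arithmetic wraps silently, so a huge count can
   produce a tiny byte total and therefore an undersized buffer. */
size_t total_unchecked(size_t count, size_t item_size)
{
    return count * item_size;
}

/* CHECKED: fail when count * item_size cannot be represented. */
bool total_checked(size_t count, size_t item_size, size_t *total)
{
    if (item_size != 0 && count > SIZE_MAX / item_size)
        return false;
    *total = count * item_size;
    return true;
}

/* Copy `count` records out of a message whose length field is untrusted.
   Returns NULL on overflow, empty input or allocation failure. The caller
   must separately confirm the message really holds that many bytes. */
void *copy_records(const void *src, size_t count, size_t item_size)
{
    size_t total;
    if (!total_checked(count, item_size, &total) || total == 0)
        return NULL;
    void *dst = malloc(total);
    if (dst != NULL)
        memcpy(dst, src, total);
    return dst;
}

int main(void)
{
    size_t hostile = SIZE_MAX / 8 + 3;   /* constructed length field */
    size_t total = 0;
    printf("unchecked total: %zu bytes\n", total_unchecked(hostile, 8));
    printf("checked accepts: %s\n",
           total_checked(hostile, 8, &total) ? "yes" : "no");
    return 0;
}
```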
PHP
PHP is a server-side scripting language and a powerful tool for making dynamic and interactive Web pages. It is a widely-used, free, and efficient alternative to competitors such as Microsoft’s ASP.
The most common vulnerabilities in PHP programming are:
- XSS (Cross-Site Scripting).
- SQL Injection.
- Cryptographic Issues.
- Code Injection.
- Information leakage.
- Code Quality.
- Command or Argument Injection.
- Untrusted Initialization.
Directory Traversal Attack: Directory traversal attacks are executed through web browsers. An attacker may manipulate a URL in such a way that the website reveals restricted files on the web server.
Typically, web servers provide two security mechanisms to restrict user access:
- Access Control Lists (ACLs)
- Web Document Root Directory
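A document-root containment check of the kind the second mechanism relies on, written in C like the other added examples on this page (the logic is the same in any language). It is an added example, not code from the original article; `resolve_in_root` and the sample root are hypothetical, and the request is assumed to have been percent-decoded exactly once before the check.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Join `request` (a URL path, assumed already percent-decoded once) onto
   `root` (no trailing slash), resolving "." and ".." lexically. Returns
   false if the path would climb above `root`. Symlinks are not checked. */
bool resolve_in_root(const char *root, const char *request,
                     char *out, size_t out_len)
{
    size_t root_len = strlen(root), len = root_len;
    if (root_len == 0 || root_len + 1 > out_len)
        return false;
    memcpy(out, root, root_len + 1);

    for (const char *p = request; *p != '\0'; ) {
        if (*p == '/') { p++; continue; }          /* skip separators */
        size_t seg = strcspn(p, "/");
        if (memchr(p, '\\', seg) != NULL)
            return false;                          /* no alternate separators */
        if (seg == 2 && p[0] == '.' && p[1] == '.') {
            if (len == root_len)
                return false;                      /* would leave the root */
            while (out[len - 1] != '/')
                len--;                             /* drop last segment */
            out[--len] = '\0';                     /* and its slash */
        } else if (!(seg == 1 && p[0] == '.')) {   /* "." is a no-op */
            if (len + seg + 2 > out_len)
                return false;                      /* result too long */
            out[len++] = '/';
            memcpy(out + len, p, seg);
            len += seg;
            out[len] = '\0';
        }
        p += seg;
    }
    return true;
}

int main(void)
{
    char path[256];
    const char *root = "/var/www/html";            /* constructed sample root */
    const char *reqs[] = { "/images/../index.html", "/../../outside.txt" };
    for (size_t i = 0; i < 2; i++)
        printf("%-24s -> %s\n", reqs[i],
               resolve_in_root(root, reqs[i], path, sizeof path) ? path : "REJECTED");
    return 0;
}
```

A lexical check like this complements, and does not replace, file-system ACLs: a symlink inside the root can still point outside it.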
JAVA
Java is a popular general-purpose object-oriented programming language and computing platform. It is fast, reliable, and secure. According to Oracle, the company that owns Java, Java runs on 3 billion devices worldwide. The features of Java are:
- Platform Independent.
- Object-Oriented.
- Robustness.
- Secure.
- Standard API Library.
The most common vulnerabilities in Java programming are:
- CRLF Injection.
- Cryptographic Attacks.
- Information Leakage.
- API Abuse.
- SQL Injection.
- XSS (Cross-Site Scripting).
- Insufficient Input validation.
- Directory Traversal.
JavaScript
JavaScript is one of the world’s most popular programming languages, quite simply because of its role as the scripting language of the World Wide Web. To be more precise, it’s a programming language that lets you implement complex and beautiful things and designs on web pages. When you notice a web page doing more than just sit there and gawk at you, you can bet that the web page is using JavaScript. The features of JavaScript are:
- Object-Oriented Scripting language
- Interpreted language.
- Runs on the browser.
The most common vulnerabilities in JavaScript are:
- XSS Attack.
- CSRF Attack.
- Server-Side JavaScript Injection.
- Client-Side logic issues.
XSS Attack: Cross-Site Scripting, or XSS, is one of the most common browser-side vulnerabilities. These types of attacks happen when an attacker injects malicious code into a legitimate (but vulnerable) application. Attackers can manipulate JavaScript and HTML to trigger the malicious code or scripts.
CSRF Attack: Cross-Site Request Forgery involves taking over or impersonating a user’s browser session by hijacking the session cookie. CSRF attacks can trick users into executing malicious actions the attacker wants, or into taking unauthorized actions on the website.
Server-Side JavaScript Injection: This is a newer type of JavaScript exploit, primarily targeting backend Node.js applications and NoSQL. While XSS attacks are executed in the end user’s web browser, server-side attacks are executed at the server level, which can have more disastrous effects on a website. In this type of attack, an attacker can upload and execute malicious binary files on the web server.
Client-Side logic issues: Improper validation and logical errors introduced while integrating code. For example, if your website hardcodes API keys into client-side JavaScript, it is vulnerable to attackers.
C++
C++ is a general-purpose programming language that is widely used for competitive programming. It has imperative, object-oriented and generic programming features. It is also used to develop operating systems, games, and embedded systems, as well as new programming languages and frameworks. The popularity of this programming language is due to its ridiculous speed.
The most common vulnerabilities in C++ are:
- Error Handling.
- Buffer Overflow.
- Cryptographic Issues.
- Potential Backdoor.
- Race Condition in Process Management.
- Numeric Errors.
- Directory Traversals.
Python
Python is a powerful multi-purpose programming language created by Guido van Rossum. It supports both the object-oriented and the functional paradigm. It has a simple syntax, making it the perfect language for someone trying to learn computer programming for the first time. The features of this language are:
- Cross Platform.
- Extensible.
- Object-Oriented.
- Large Community Support.
- Standard library.
- Interpreted Programming language.
This language is mostly used by pen testers, data scientists, and researchers.
The most common vulnerabilities in Python are:
CROSS SITE REQUEST FORGERY: This security vulnerability occurs when a compromised web application is forced to perform an action by another logged-in user. Also, it includes hacking or logging into a website with others’ login credentials.
LDAP INJECTIONS: LDAP stands for Lightweight Directory Access Protocol. This vulnerability occurs when a malicious user inserts or modifies LDAP statements that lead to speculations.
XPATHI: This security vulnerability occurs when a malevolent user intentionally passes data to a website. They can use that interaction to find out how the data is structured in XML, or they can access secured data that they can’t access normally.
CROSS SITE SCRIPTING (XSS): This security vulnerability occurs when a malevolent user can trick any web application into stealing stored cookies, saved passwords, and script code that is served to unsuspecting users of that application.
Conclusion
Technology is improving day by day, and it will provide better solutions to these issues. It is impossible to build 100% efficient software; every program has some issues and bugs. Finding vulnerabilities and fixing them is the better way to improve the efficiency of the software.
I mainly explained some attacks that are frequently carried out by hackers. If you want complete information about all attacks, please leave a comment.
Hello busy people, I hope you had fun reading this post, and I hope you learned a lot here! This was my attempt to share what I’m learning.
I hope you saw something useful for you here. Have fun! Keep learning new things and see you next time! 😉🤓
Top 5 Vulnerable Programming Languages. was originally published in Hacker Noon on Medium, where people are continuing the conversation by highlighting and responding to this story.