Dear friends, I am a beginner in PHP. One of my friends says PHP is not as strong as ASP in security and can be hacked easily, and also that SQL injection works well on PHP. Because of his comment I am very frustrated and in two minds about what I should learn, when I have already started PHP.
Security, in general, isn't the problem of the language; it's down to the person who is coding. As usual, there are always best practices involved. However.... saying that ASP is secure means that you should ignore your friend completely, as he has no idea what he is talking about. [Refer to my first sentence, then remember that in most cases ASP runs on MS servers - google security issues on MS hosts if you need more information.] With that said, PHP may get a bad rap sometimes because most people think they can just up-and-learn it.... Of course, this has a learning curve, and part of that territory is security. If people really were that bothered about security, everyone's WP/Windows/anything-else updates would be installed the minute they are released. Sadly, this isn't the case. With that said, there's no reason why you can't write efficient, secure code in PHP.
The language you use doesn't determine how secure your applications are going to be. You can write crap and insecure code in any language. SQL injection is possible in anything that takes input from the user for use in queries, regardless of the language. You can also write secure code in any language. There are very few inherent vulnerabilities in most of the widely used languages now. This fanboy crap is ridiculous.
According to my friend, everyone knows how PHP works, so it is easy to hack, and in ASP it is very difficult.
moon - just want to put a case in point. In many cases, -if I were to try to 'hack' a website- I don't need to know what language a website uses. This isn't where you start.... The first place is username:passwords. THEN services, FTP, telnet, VNC.... and so on. Then, you might decide to exploit vulnerabilities in code..... (unless you've googled for known exploitable servers ofc). At the end of the day, "your friend" has a lot more to worry about than what language a website uses. Even today, buffer overflows and such are found in sources that have otherwise been sound, security-wise. Think nothing of it, "this vs that" has been done to death.... "All languages suck, it's just that some suck less than others" [the original quote was about email clients]
No problem, sometimes it's better to be blunt and honest. By the way, nice post, likeg32 - totally agree. Social engineering is also creeping into the foreground with hackers as well.