Understanding JVM zero day in relationship with other runtimes
I am a .net and php developer and since java has been in the news recently thanks to the string of zero days, I decided to brush up on security.
In regards to the java zero days, this question has been very helpful: Security of JVM for Server. My understanding is that the vulnerabilities exists on the java applets running on the browser and not for web applications hosted on a server.
If this is correct, then server side web applications running on platforms like .net, springmvc, lamp are pretty secure, aside from developer introduced attack vectors like not sanitizing input and the like (see owasp).
My question is this: Has there been any studies to see if any of the popular web platforms (I can think of lamp, spring, .net) are inherently more vulnerable than others?
I am a .net and php developer and since java has been in the news recently thanks to the string of zero days, I decided to brush up on security.
In regards to the java zero days, this question has been very helpful: Security of JVM for Server. My understanding is that the vulnerabilities exists on the java applets running on the browser and not for web applications hosted on a server.
If this is correct, then server side web applications running on platforms like .net, springmvc, lamp are pretty secure, aside from developer introduced attack vectors like not sanitizing input and the like (see owasp).
My question is this: Has there been any studies to see if any of the popular web platforms (I can think of lamp, spring, .net) are inherently more vulnerable than others?
No comments:
Post a Comment