Is PHP Secure?

By Angsuman Chakraborty, Gaea News Network
Friday, July 8, 2005

After recent reports of several critical security vulnerabilities in PHP-based software, I decided to take a closer look at the current state of security with PHP-based products.

A casual search at Secunia revealed 1599 Secunia Security Advisories. In contrast, Java has 225 security vulnerabilities and the much younger .NET platform has 827.

PHP-based products have 5 Extremely Critical and 376 Highly Critical security vulnerabilities.

Interestingly, I found 873 viruses which can affect PHP files (based on search; I didn’t verify all of them individually).

Here, however, .NET is unbeatable with 8963 viruses which affect its products. Java is a poor third with only 227 viruses which can apparently affect it.

Disclaimer: The provided numbers are based on search results and only the top few results have been manually verified.

Discussion

Bill
April 23, 2010: 6:02 pm

Ha! Nicolas, you idiot, you were replying to a two-year-old comment! Moron. :)


Nicolas
August 19, 2007: 9:09 pm

Brian: he was talking about PHP-based software, not PHP itself.

(yes I realize I’m replying to a 2-year-old comment)

September 3, 2005: 3:17 am

You really should get your facts correct. If you look at the Secunia Vulnerability Report for .NET 1.x you will see it has 6 security vulnerabilities (https://secunia.com/product/667/), Java 1.5 has 3 security vulnerabilities (https://secunia.com/product/4228/), Java 1.4 has 20 security vulnerabilities (https://secunia.com/product/784/) and PHP 5.0.x has 4 (https://secunia.com/product/3919/) and PHP 4.3.x (the version before PHP 5.0.x) has 14 (https://secunia.com/product/922/).

I’m guessing you just used the search box instead of actually looking for the vulnerabilities, which finds text on the page, not vulnerabilities.

July 11, 2005: 1:03 am

[...] Bryan is forced to clean install Windows XP after attempting to use a Belkin Wireless G USB Network Adapter. Owen compares MovableType v3.2 to WordPress v1.5. Michael releases K2 (Kubrick v2) to the public as an alpha release. Brian is back with a new addition to his family. Where are those baby pictures? Khaled ruminates on the recent incident in London. Craig has returned, and he is finally feeling “normal”. Orson discusses “stretching” your brain through video games. Angsuman asks, “Is PHP secure?” Mark shares his feelings on Live 8. Tom discovers that Microsoft may be embracing web standards. And, Podz has a visit from the site-stealing Googlebot. [...]
