Most Php Installs Are Not Secure!

Posted by JD 01/01/2015 at 22:00

Do you use PHP or run PHP web-applications?

Chances are that it has known security issues, according to Anthony Ferrara.
78% of Php Installations are Not Secure

For me, the interesting thing in that article is that 82% of Perl installations do not have any known security issues.

  1. http://linux-blog.org 01/05/2015 at 16:20

    The article is misleading…because the author looks at versions of PHP that have been retired and counts that toward the total.

    (e.g., PHP that was included on Debian 5 which reached its end of life quite some time ago and which no backports are being done for).

    Another thing is that most PHP vulnerabilities that aren’t patched in this article are LOCAL ones. I’d say a better comparison would be to look only at remote vulnerabilities.

    The author also doesn’t look at whether a PHP add-on like gd-php is the module at fault for a vulnerability. Many servers may have this installed but I’m sure many won’t. In this instance, his 78% number is once again off.

    The article looks to be big scaremongering in my opinion.

  2. JD 01/05/2015 at 18:48

    AnthonyF appears to be a PHP programmer. I cannot speak for his motives.

    Regardless of where any web app runs, non-secure web-apps in any language are an issue we all need to address. PHP is like Microsoft – a popular and easy target, so people developing in PHP need to do security better than everyone else. That doesn’t appear to be happening.

    If the PHP community doesn’t do it better, I can see the day when PHP becomes like Java Applets – effectively dead due to security considerations.

    Or PHP will end up with 93% of all web-apps developed in it? Who can tell?

  3. JD 01/07/2015 at 21:07

    Another WordPress security issue

    Over 100K websites compromised and spewing malware so far.

    WordPress and the add-ons are written in PHP.