Vulnerabilities in popular programming languages cast doubt on application security
Posted: Wed Feb 12, 2025 10:48 am
Sergey Stelmakh | 12.12.2017
An expert has found vulnerabilities in interpreters of popular programming languages such as JavaScript, Perl, PHP, Python and Ruby
According to research conducted by Fernando Arnaboldi, a senior security consultant at IOActive, protected applications are susceptible to attacks due to vulnerabilities in the interpreted programming languages they are written in. An interpreted programming language is distinguished by the fact that the source code is not converted into machine code for execution by the central processor (as in compiled languages), but is executed by a special interpreter program.
Using an automated technique known as fuzzing, the expert tested the interpreters of five popular programming languages — JavaScript, Perl, PHP, Python, and Ruby. For observations, XDiFF (Extended Differential Fuzzing Framework) was used, which is tailored to analyze the structure of programming languages and their behavior.
The essence of fuzzing as a testing technique is that the system sends incorrect, unexpected or random data to the application as input. This method is effective in preventing memory leaks that lead to freezing or crashing of programs. Usually, such problems are easily solved by optimizing the source code, but sometimes they conceal security-related problems that are beyond the control of the end-user software developers.
To test the languages, Arnaboldi used fewer than thirty primitive values (number, letter, etc.), combined with specific payload examples so that he could detect when the software was attempting to access external resources. The researcher "disassembled" the languages into their basic functions, and then tested each of them: JavaScript - 450 functions; PHP - 1405; Ruby - 2483; Perl - 3105; Python - 3814.
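The approach described above (a handful of primitive values plus marker payloads, fed to each function while watching for external access) can be sketched as a test harness for your own code. This is an added example, not part of the original article and not XDiFF code; it assumes Python 3.8+ and uses the interpreter's audit hooks as the detection mechanism, and the canary string, input list and `normalize_label` helper are constructed for illustration.

```python
import os
import sys

CANARY = "xdiff-canary-7f3a"  # constructed marker, not a value from the research
# Constructed input set: a few primitives plus canary-tagged payloads.
INPUTS = [0, -1, 1.5, "", "A", None, CANARY, "/" + CANARY, CANARY.encode()]
WATCHED = {"open", "os.listdir", "os.scandir", "os.system",
           "subprocess.Popen", "socket.connect", "socket.getaddrinfo"}
_state = {"active": False, "events": []}

class Blocked(Exception):
    """Raised by the hook so the access is recorded but never performed."""

def _hook(event, args):
    if (_state["active"] and event in WATCHED
            and any(CANARY in repr(a) for a in args)):
        _state["events"].append(event)
        raise Blocked(event)

sys.addaudithook(_hook)  # process-wide and permanent, hence the "active" gate

def probe(func, value):
    """Call func(value) once; return watched events that carried the canary."""
    _state["active"], _state["events"] = True, []
    try:
        func(value)
    except Exception:  # type errors, missing files and Blocked are all expected
        pass
    finally:
        _state["active"] = False
    return list(_state["events"])

def fuzz(targets):
    """Map each function name to the external-access events it triggered."""
    return {f.__name__: sorted({e for v in INPUTS for e in probe(f, v)})
            for f in targets}

def normalize_label(label):
    """Hypothetical helper whose name gives no hint that it reads files."""
    if isinstance(label, str) and label.startswith("/"):
        with open(label) as fh:  # hidden side effect the harness should flag
            return fh.read()
    return str(label).strip().lower()

TARGETS = [os.path.basename, os.listdir, normalize_label]

if __name__ == "__main__":
    for name, events in fuzz(TARGETS).items():
        print(f"{name}: {events or 'no external access'}")
```

A function that reports an event here passed attacker-influenced input through to the file system, a process launch or the network, which is the kind of behaviour a code review should confirm is intended.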