locked
Does ASP have security issues? RRS feed

  • Question

  • User-1648909988 posted

    I've just started learning ASP.NET and C#.  The past few weeks I've been told by two different people that everyone is moving away from ASP and toward things like PHP because of security issues.  According to them hacking an ASP site is easier PHP.  Is this true?

    One guy told me that his old ASP website was hacked all the time but since moving to Joomla, he doesn't have issues anymore.

    Monday, September 24, 2012 9:50 AM

Answers

  • User-760709272 posted

    ASP as a technology is as inheritnly secure as PHP, it depends how it is coded as most website hacks are done via sql injection or cross-site scripting.  .net has good protection against sql injection, however you can choose to not use it and expose yourself.  There is no real built-in protection against cross site scripting, you have to be aware of it and code for it.  Both techniqeues are just as valid to use against PHP sites if they have not been coded against them.  .net has better protection against SQL Injection than PHP does, but ultimately it comes down to how the site is coded.  Even established PHP packages like vBulletin etc still have vulverabilities that are regularly expliuted (as will .net-based packages, as I said it comes down to the individual coding).

    Always be wary of people who say things like "that is more secure" without citing any evidence as they are just regurgitating bias opinion presented as fact.  Like "Linux is more secure than Windows", "FireFox is more secure than IE".  I hear these arguments on a daily basis and simply refer people to links on independent expoit testing sites that show the opposite is often true.  Someone once told me that "MySQL is more secure than MS SQL Server" - I pointed him to evidence that MySQL had hundreds of known vulnerabilities while MS SQL Server had one.

    My personal favourite is "open source is more secure than proprietary code".  I could literally spend days destroying that argument.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, September 24, 2012 10:01 AM
  • User-183374066 posted

    I dont think so there is any security risk in asp.net. Both are good and secure. You have to cover loop holes in both PHP and ASP.NET by you code.

    Following are few interesting links for comparison.

    http://www.comentum.com/php-vs-asp.net-comparison.html

    http://www.sitepoint.com/v-php-top-6-reasons-use-net/

    http://forums.asp.net/t/1203901.aspx/1

    http://programmers.stackexchange.com/questions/65414/when-to-use-php-or-asp-net

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, September 24, 2012 10:48 AM

All replies

  • User-760709272 posted

    ASP as a technology is as inheritnly secure as PHP, it depends how it is coded as most website hacks are done via sql injection or cross-site scripting.  .net has good protection against sql injection, however you can choose to not use it and expose yourself.  There is no real built-in protection against cross site scripting, you have to be aware of it and code for it.  Both techniqeues are just as valid to use against PHP sites if they have not been coded against them.  .net has better protection against SQL Injection than PHP does, but ultimately it comes down to how the site is coded.  Even established PHP packages like vBulletin etc still have vulverabilities that are regularly expliuted (as will .net-based packages, as I said it comes down to the individual coding).

    Always be wary of people who say things like "that is more secure" without citing any evidence as they are just regurgitating bias opinion presented as fact.  Like "Linux is more secure than Windows", "FireFox is more secure than IE".  I hear these arguments on a daily basis and simply refer people to links on independent expoit testing sites that show the opposite is often true.  Someone once told me that "MySQL is more secure than MS SQL Server" - I pointed him to evidence that MySQL had hundreds of known vulnerabilities while MS SQL Server had one.

    My personal favourite is "open source is more secure than proprietary code".  I could literally spend days destroying that argument.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, September 24, 2012 10:01 AM
  • User1080340250 posted

    The inherient security of every framework equates to the care put into writing the code.

    Monday, September 24, 2012 10:25 AM
  • User-183374066 posted

    I dont think so there is any security risk in asp.net. Both are good and secure. You have to cover loop holes in both PHP and ASP.NET by you code.

    Following are few interesting links for comparison.

    http://www.comentum.com/php-vs-asp.net-comparison.html

    http://www.sitepoint.com/v-php-top-6-reasons-use-net/

    http://forums.asp.net/t/1203901.aspx/1

    http://programmers.stackexchange.com/questions/65414/when-to-use-php-or-asp-net

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, September 24, 2012 10:48 AM