JAVA

Java is a general-purpose computer programming language that is concurrent, class-based, object-oriented, and specifically designed to have as few implementation dependencies as possible. It is intended to let application developers “write once, run anywhere”, meaning that compiled Java code can run on all platforms that support Java without the need for recompilation. Java applications are typically compiled to bytecode that can run on any Java virtual machine (JVM) regardless of computer architecture. As of 2015, Java is one of the most popular programming languages in use, particularly for client-server web applications, with a reported 9 million developers. Java was originally developed by James Gosling at Sun Microsystems (which has since merged into Oracle Corporation) and released in 1995 as a core component of Sun Microsystems’ Java platform. The language derives much of its syntax from C and C++, but it has fewer low-level facilities than either of them.

The original and reference implementation Java compilers, virtual machines, and class libraries were originally released by Sun under proprietary licenses. As of May 2007, in compliance with the specifications of the Java Community Process, Sun relicensed most of its Java technologies under the GNU General Public License. Others have also developed alternative implementations of these Sun technologies, such as the GNU Compiler for Java (bytecode compiler), GNU Classpath (standard libraries), and IcedTea-Web (browser plugin for applets).

  • SECURITY FEATURES
    The JVM

    The binary form of programs running on the Java platform is not native machine code but an intermediate bytecode. The JVM verifies this bytecode before running it to prevent the program from performing unsafe operations such as branching to incorrect locations, which may contain data rather than instructions. Verification also allows the JVM to enforce runtime constraints such as array bounds checking. This means that Java programs are significantly less likely to suffer from memory safety flaws such as buffer overflows than programs written in languages such as C, which do not provide such memory safety guarantees.

    The platform does not allow programs to perform certain potentially unsafe operations such as pointer arithmetic or unchecked type casts. It also does not allow manual control over memory allocation and deallocation; users are required to rely on the automatic garbage collection provided by the platform. This also contributes to type safety and memory safety.

  • SECURITY MANAGER

    The platform provides a security manager which allows users to run untrusted bytecode in a “sandboxed” environment designed to protect them from malicious or poorly written software by preventing the untrusted code from accessing certain platform features and APIs. For example, untrusted code might be prevented from reading or writing files on the local file system, running arbitrary commands with the current user’s privileges, accessing communication networks, accessing the internal private state of objects using reflection, or causing the JVM to exit.

    The security manager also allows Java programs to be cryptographically signed; users can choose to allow code with a valid digital signature from a trusted entity to run with full privileges in circumstances where it would otherwise be untrusted.

    Users can also set fine-grained access control policies for programs from different sources. For example, a user may decide that only system classes should be fully trusted, that code from certain trusted entities may be allowed to read certain specific files, and that all other code should be fully sandboxed.

  • SECURITY APIs

    The Java Class Library provides a number of APIs related to security, such as standard cryptographic algorithms, authentication, and secure communication protocols.

PHP

PHP is a server-side scripting language designed for web development but also used as a general-purpose programming language. As of January 2013, PHP was installed on more than 240 million websites and 2.1 million web servers. Originally created by Rasmus Lerdorf in 1994, the reference implementation of PHP (powered by the Zend Engine) is now produced by The PHP Group. While PHP originally stood for Personal Home Page, it now stands for PHP: Hypertext Preprocessor, which is a recursive backronym.

PHP code can be simply mixed with HTML code, or it can be used in combination with various templating engines and web frameworks. PHP code is usually processed by a PHP interpreter, which is usually implemented as a web server’s native module or a Common Gateway Interface (CGI) executable. After the PHP code is interpreted and executed, the web server sends resulting output to its client, usually in form of a part of the generated web page; for example, PHP code can generate a web page’s HTML code, an image, or some other data. PHP has also evolved to include a command-line interface (CLI) capability and can be used in standalone graphical applications.

The canonical PHP interpreter, powered by the Zend Engine, is free software released under the PHP License. PHP has been widely ported and can be deployed on most web servers on almost every operating system and platform, free of charge.

Despite its popularity, no written specification or standard existed for the PHP language until 2014, leaving the canonical PHP interpreter as a de facto standard. Since 2014, there is ongoing work on creating a formal PHP specification.

List the latest Frameworks and Tools for PHP Development

  • Zend framework (ZF)

    Zend Framework 2 has a number of components that fulfill most PHP developer needs for the smooth creation of PHP programs. All the components involved in Zend development are completely object-oriented and support multiple database systems and vendors.

  • Drupal

    Drupal 7.x 6 is a free open source software package that allows PHP developers to easily create, manage and organize all kinds of web portals, e-commerce applications, resource directories, social networking sites etc.

  • Joomla

    Joomla version 3.4 is a content management system that gives PHP developers a platform to easily create and manage complicated web sites, portals and intranet sites. Joomla is written in PHP and offers a host of features such as page caching, RSS feeds, blogs, polls, news flashes and support for language internationalization.

  • OScommerce

    OS Commerce v2.3.4 is an online-store management software program, and any web server with PHP and MySQL can easily use it. The latest version of OS 2.2 is completely compatible with PHP 5 and MySQL version 6.

  • Symphony Framework

    Symphony version 2.6.3 offers a mix of third party libraries and web development practices. It is a full stack framework that provides tools and components to create complicated web applications easily.

    Benefits of frameworks and tools for PHP developers: There are a number of benefits that largely contribute to PHP development and help PHP developers create effective applications. Most of the frameworks help in optimizing coding patterns and make the process of PHP development easier. Since the frameworks already incorporate built-in core libraries, coding becomes that much easier and more hassle-free. PHP developers definitely have an edge when using these frameworks to their advantage, as they are even considered to be more secure.

SECURITY

 

In 2013, 9% of all vulnerabilities listed by the National Vulnerability Database were linked to PHP; historically, about 30% of all vulnerabilities listed since 1996 in this database are linked to PHP. Technical security flaws of the language itself or of its core libraries are not frequent (22 in 2009, about 1% of the total although PHP applies to about 20% of programs listed). Recognizing that programmers make mistakes, some languages include taint checking to automatically detect the lack of input validation which induces many issues. Such a feature is being developed for PHP, but its inclusion into a release has been rejected several times in the past.

There are advanced protection patches such as Suhosin and Hardening-Patch, especially designed for web hosting environments.

There are certain language features and configuration parameters (primarily the default values for such runtime settings) that make PHP prone to security issues. Among these, the magic_quotes_gpc and register_globals configuration directives are the best known; the latter made any URL parameters become PHP variables, opening a path for serious security vulnerabilities by allowing an attacker to set the value of any uninitialized global variable and interfere with the execution of a PHP script. Support for the “magic quotes” and “register globals” settings has been deprecated as of PHP 5.3.0, and removed as of PHP 5.4.0.
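The uninitialized-variable pattern described above, next to its hardened form, as an added example that is not part of the original page. Because register_globals no longer exists in current PHP, `extract()` is used here as a stand-in for it (an assumption of this demo); the function names and the request array are hypothetical.

```php
<?php
declare(strict_types=1);

// Legacy pattern: the code relies on $authorized being unset unless the
// password check passes. extract() stands in for register_globals = On:
// every request parameter becomes a variable before the logic runs.
function legacyIsAdmin(array $requestParams, bool $passwordOk): bool
{
    extract($requestParams);
    if ($passwordOk) {
        $authorized = true;
    }
    // On the failure path $authorized was never initialised by this code,
    // so whatever the request supplied is what gets evaluated here.
    return !empty($authorized);
}

// Hardened form: the flag is initialised before use and request parameters
// are never turned into variables.
function hardenedIsAdmin(array $requestParams, bool $passwordOk): bool
{
    $authorized = false;
    if ($passwordOk) {
        $authorized = true;
    }
    return $authorized;
}

// Constructed query parameters, as if parsed from a URL query string.
$request = ['page' => 'settings', 'authorized' => '1'];

echo 'legacy,   wrong password: ', var_export(legacyIsAdmin($request, false), true), "\n";
echo 'hardened, wrong password: ', var_export(hardenedIsAdmin($request, false), true), "\n";
echo 'hardened, right password: ', var_export(hardenedIsAdmin($request, true), true), "\n";
```

The same review applies to any legacy code that calls `extract()` on request data, since it recreates the behaviour the directive used to provide.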

Another example of a runtime-settings vulnerability comes from failing to disable PHP execution (via the engine configuration directive) for the directory where uploaded images are stored; leaving the default settings can result in execution of malicious PHP code embedded within the uploaded images. Also, leaving the dynamic loading of PHP extensions enabled (via the enable_dl configuration directive) in a shared web hosting environment can lead to security issues.

Implied type conversions that result in incompatible values being treated as identical against the programmer’s intent can also lead to security issues. For example, the result of the "0e1234" == "0" comparison will be true because the first compared value will be treated as scientific notation of a number (0×10^1234) with a value of zero. This feature resulted in authentication vulnerabilities in Simple Machines Forum, Typo3 and phpBB when MD5 password hashes were compared. Instead, the identity operator (===) should be used; "0e1234" === "0" results in false.
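The comparison behaviour described above, shown on digest-shaped strings and next to two safe alternatives, as an added example that is not part of the original page. The sample values are constructed, the function names are hypothetical, and `hash_equals()` is a built-in available from PHP 5.6 that the page itself does not mention.

```php
<?php
declare(strict_types=1);

// Constructed sample values: 32 characters shaped like MD5 hex digests that
// happen to be "0e" followed only by decimal digits. Not real password hashes.
$stored    = '0e111111111111111111111111111111';
$submitted = '0e999999999999999999999999999999';

// Vulnerable pattern: both operands are numeric strings, so == converts each
// to a float (0 x 10^n = 0) and compares the numbers, not the characters.
function looseMatch(string $known, string $user): bool
{
    return $known == $user;
}

// Identity operator, as the text recommends: no conversion takes place.
function strictMatch(string $known, string $user): bool
{
    return $known === $user;
}

// hash_equals() also compares as strings, in time that does not depend on
// where the two inputs differ.
function timingSafeMatch(string $known, string $user): bool
{
    return hash_equals($known, $user);
}

// Audit helper: flags stored digests that a leftover loose comparison
// would interpret as the number zero.
function looksLikeZeroExponent(string $digest): bool
{
    return preg_match('/^0+e[0-9]+$/i', $digest) === 1;
}

foreach (['looseMatch', 'strictMatch', 'timingSafeMatch'] as $check) {
    printf("%-16s %s\n", $check, var_export($check($stored, $submitted), true));
}
printf("%-16s %s\n", 'flagged', var_export(looksLikeZeroExponent($stored), true));
```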


.NET

Development of a web application which is based on these components is termed web application development. Each of the components in the application stack is open source software, which significantly reduces the cost of web-based work. The application development cycle germinates from the raw shape of your ideas and ends in a solid piece of application where each detail is crafted with finesse. We believe that application development should not just be a reflection of your ideas but also an extension of the needs of your target group.
