A recent study by Veracode shows four of five applications written using PHP, Classic ASP and Cold Fusion will fail an Open Web Application Security Project Top 10 test, which raises a concern over the vulnerability of the vast majority of websites today.
The research firm's study found that 86 percent of PHP-based apps have at least one Cross-Site Scripting vulnerability and 56 percent have at least one SQL injection. This is a major issue because PHP-based software is heavily used by the top three content management systems, Drupal, WordPress and Joomla.
In addition, Veracode said similar vulnerability trends can be seen with Classic ASP and Cold Fusion and that those languages are twice as likely to contain these problems as compared to modern languages like .net and Java.