[Owasp-newjersey] Short course - 50% discount for OWASP members
jcl24 at cornell.edu
Wed May 2 22:15:23 EDT 2007

I knew I was forgetting something.

On 5/1/07, Matt Joyce <mjoyce at aculei.net> wrote:
> And I call shenanigans. Additionally there is a lot more to security
> than the application itself. Isolating applications, controlling the
> way they execute on a host and what resources are available to them all
> factor into security. In that regard C# and Java are generally a pain
> in the ass to "secure" since security relies on network isolation.

What does the choice of development language have to do with network
isolation? How is a PHP app stack easier to isolate than Java? Java
was built from the ground up with execution isolation in mind. PHP has
some nice configuration options, but that doesn't compare with the
Java security model. No argument about the MS application stack,
though, even the C# CLR. It boggles my mind that a bytecode
interpreter still has buffer overflow vulnerabilities.