kingandveigar;11065599 wrote: I recently noticed an article that Classic ASP, ColdFusion, and PHP apps tend to have the most security bugs.
[citation needed], but a lot of such code tends to be written by people who have less understanding of what they're doing than others who have some programming experience in other languages (partly because there are still people who don't see it as "real programming").
kingandveigar;11065599 wrote: How can one possibly trace all the pathways from user input into the app?
Depending on how the code is written, the cyclomatic complexity (which is how that is measured) can be reduced by suitable program design; packaging logic into separate functions can reduce the complexity, and then each function can be analysed separately. Assertions added to the function that are checked when it is entered and just before it is left can be used to document what it should receive and return, in a way that can be read by the programmer, executed by the runtime, and potentially exploited by static analysis tools as well.
The Xdebug extension does code coverage analysis so that you can see if your test suite hits everything it should, and the VLD extension by the same author does some path analysis to enumerate possible execution pathways.
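As an added illustration of the reply above (example code written for this page, not posted by anyone in the thread): a small PHP request handler, first as one tangled function and then split into single-purpose functions, each with an entry assertion stating what it expects and an exit assertion stating what it promises. The item table, the sample query-string values and the function names are all made up for the example.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Run with assertions enabled, e.g.:
//   php -d zend.assertions=1 -d assert.exception=1 example.php
// In production zend.assertions=-1 removes the assert() calls at compile time,
// so they cost nothing there; they are documentation that happens to execute.

// Monolithic version: validation, lookup and output encoding live in one
// function, so every branch has to be reasoned about together.
function showItemMonolithic(array $query, array $items): string
{
    if (isset($query['id']) && is_string($query['id']) && ctype_digit($query['id'])) {
        $id = (int) $query['id'];
        if ($id > 0 && isset($items[$id])) {
            return '<li>' . htmlspecialchars($items[$id], ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</li>';
        }
        return '<li>not found</li>';
    }
    return '<li>bad request</li>';
}

// Refactored version: one function per concern. Each can be analysed on its own,
// and the assertions say what it receives and what it hands back.

/** Parse the untrusted id parameter. Returns null unless it is a positive integer. */
function parseId(array $query): ?int
{
    // Entry: $_GET-style values are strings, or arrays when the client sends id[]=...
    assert(!isset($query['id']) || is_string($query['id']) || is_array($query['id']),
        'Entry: query values are strings or arrays');

    if (!isset($query['id']) || !is_string($query['id']) || !ctype_digit($query['id'])) {
        return null;
    }
    $id = (int) $query['id'];
    $result = $id > 0 ? $id : null;

    assert($result === null || $result > 0, 'Exit: null or a positive integer');
    return $result;
}

/** Look up an already-validated id. */
function findItem(int $id, array $items): ?string
{
    assert($id > 0, 'Entry: caller has already validated the id');
    $item = $items[$id] ?? null;
    assert($item === null || is_string($item), 'Exit: null or a string');
    return $item;
}

/** The only place where output encoding happens. */
function renderItem(?string $item): string
{
    $html = $item === null
        ? '<li>not found</li>'
        : '<li>' . htmlspecialchars($item, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</li>';
    // Exit: the only angle brackets are the two from <li> and </li>; nothing from
    // the item survived unescaped.
    assert(substr_count($html, '<') === 2 && substr_count($html, '>') === 2,
        'Exit: item text is fully escaped');
    return $html;
}

function showItem(array $query, array $items): string
{
    $id = parseId($query);
    if ($id === null) {
        return '<li>bad request</li>';
    }
    return renderItem(findItem($id, $items));
}

// Constructed sample data and query inputs (made up for this example).
$items = [1 => 'Widget', 2 => '<script>alert(1)</script>'];
$inputs = [
    ['id' => '1'],
    ['id' => '2'],
    ['id' => '0'],
    ['id' => '1 OR 1=1'],
    ['id' => ['1']],
    [],
];
foreach ($inputs as $q) {
    echo json_encode($q), ' => ', showItem($q, $items), PHP_EOL;
}
```

Each path from user input now goes through exactly one parsing function, one lookup and one encoder, so the branches to check per function are few and the assertions state the contract at each boundary; with Xdebug 3 loaded in coverage mode (XDEBUG_MODE=coverage), wrapping the loop in xdebug_start_code_coverage() and reading xdebug_get_code_coverage() afterwards shows which of those lines the sample inputs actually exercised.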