{"id":5917,"date":"2015-12-10T08:27:20","date_gmt":"2015-12-10T08:27:20","guid":{"rendered":"https:\/\/ihs.com.tr\/blog\/?p=5917"},"modified":"2016-06-16T13:58:50","modified_gmt":"2016-06-16T11:58:50","slug":"hangi-programlama-dili-daha-guvenli","status":"publish","type":"post","link":"https:\/\/www.ihs.com.tr\/blog\/hangi-programlama-dili-daha-guvenli\/","title":{"rendered":"Which Programming Language Is More Secure?"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\"><a href=\"https:\/\/www.ihs.com.tr\/sunucu-kiralama\/bulut-sunucu.html\" target=\"_blank\">Cloud<\/a> security company Veracode has published a list of the most and least secure programming languages, following its code analysis and scanning of 50,000 different applications written over the past eighteen months. That PHP, which has been hacked many times recently, turned out to be by far the least secure <strong>programming language<\/strong> did not surprise software engineers at all.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The report covers the most widely used programming languages today, such as <a href=\"https:\/\/www.ihs.com.tr\/web-hosting\/\" target=\"_blank\">PHP<\/a>, Java, Microsoft Classic <a href=\"https:\/\/www.ihs.com.tr\/web-hosting\/\" target=\"_blank\">ASP<\/a>, .NET, iOS, Android, C and C++, JavaScript, ColdFusion, Ruby and COBOL. Among the applications examined, about 86% of those written in PHP were found to have at least one cross-site scripting (XSS) vulnerability, 56% at least one SQL injection flaw, and 73% cryptographic issues. 
Of the applications written in <strong>ColdFusion<\/strong>, a language with a coding structure similar to PHP and known for having a great many vulnerabilities, 62% turned out to contain a SQL injection flaw.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">A SQL injection vulnerability was found in 21% of Java applications, and a SQL vulnerability in 29% of applications written with .NET, Microsoft\u2019s framework that aims to bring different base languages together in a single runtime environment.<\/span><\/p>\n<p><a href=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2015\/12\/Veracode-analiz.png\" data-rel=\"penci-gallery-image-content\" ><img decoding=\"async\" class=\"alignnone size-medium wp-image-5919\" src=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2015\/12\/Veracode-analiz-300x163.png\" alt=\"Veracode analysis\" width=\"300\" height=\"163\" srcset=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2015\/12\/Veracode-analiz-300x163.png 300w, https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2015\/12\/Veracode-analiz.png 739w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p><span style=\"font-size: 14pt;\">Of course, different languages are used for different purposes, and <a href=\"https:\/\/www.ihs.com.tr\/blog\/php-mi-asp-net-mi\/\" target=\"_blank\">comparing<\/a> PHP with Java or C++ is like comparing apples and oranges. PHP is at its core used to hold the internet together, whereas Java and C++ are used mostly to develop compiled\/executable software. 
PHP works with a web browser, whereas Java (and the others) run the <strong>web browser<\/strong> itself.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The report observes that it is striking that web vulnerabilities such as SQL injection and cross-site scripting are more common among web scripting languages such as Classic ASP, ColdFusion and PHP than in .NET and Java applications. This is most likely due to the differences between each language\u2019s feature set. Classic ASP, PHP and ColdFusion include fewer security APIs than .NET and Java do.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">In Java in particular, security vulnerabilities are cleaned up automatically. This means that the language (or the runtime environment, that is, the Java Virtual Machine) prevents programs from doing unwanted things in the system\u2019s memory. Veracode\u2019s report states that languages such as Java and the .NET language family, by removing the need for developers to allocate memory directly, prevent all vulnerabilities related to memory allocation, buffer overflows first among them.<br \/>\n<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Part of the problem is also who uses these languages and what their level of <strong>experience<\/strong> is. 
Veracode technology chief Chris Wysopal says in an interview with Information Week, \u201c.NET and Java programs are generally used by computer science graduates who learned these languages at school.\u201d \u201cMany scripting languages such as ColdFusion, <strong><a href=\"https:\/\/www.ihs.com.tr\/web-hosting\/\" target=\"_blank\">PHP<\/a> <\/strong>and<strong> <a href=\"https:\/\/www.ihs.com.tr\/web-hosting\/\" target=\"_blank\">ASP<\/a><\/strong>, on the other hand, come from the world of web development, where websites are designed and where people learn to write code and make sites more interactive,\u201d he notes.<br \/>\n<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Following its code analysis and scanning of 50,000 different applications written over the past eighteen months, cloud security company Veracode has published a list of the most secure&hellip;<\/p>\n","protected":false},"author":3,"featured_media":5925,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-5917","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-haberler"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5917","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=5917"}],"version-history":[{"count":9,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5917\/revisions"}],"predecessor-version":[{"id":7966,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5917\/revisions\/7966"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media\/5925"}],"wp:attachment":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=5917"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=5917"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=5917"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}