Web Application Security Comparison: MS vs OSS


Just thinking about the security concerns my clients always have with their web applications. They tell me they have read that open source software is better than Microsoft's, as it is free and less buggy compared to Microsoft. In this article I am going to put down some important points that I tell them. Don't take me for a Microsoft follower; as an independent programmer who has done coding on both platforms, I am able to write this article. The important thing is that I am going to pinpoint the good and the bad only for web applications.

Choice of programming language: ASP.NET or PHP

If you get lucky and get a good programming team, which often charges you very heavily, then it really doesn't matter which language you choose; they modify the default settings of the programming language to their needs. But that's not the case if you are looking for an e-commerce site from a medium or small company. Now,

1) If you choose PHP because it's OSS or free, then ASP.NET is also free; you don't need to pay anything to anyone for using ASP.NET.

2) If you choose PHP because it's more secure, then PHP is as secure as its developer can make it, whereas ASP.NET enforces some security checks, and a developer needs to put in extra effort to disable those security features. ASP.NET has POST data validation in place that prevents attacks like SQL injection, JavaScript insertion in text fields, etc., whereas one has to write those checks oneself in PHP. So if you get a learner PHP programmer writing your code, then chances are your site is open to SPAM attacks, but if you get an idiot ASP.NET programmer, your site is still secure.

3) If you choose Linux over Windows because it's more secure, then viruses exist for Linux as well, and trojans can be made for Linux (there is no technical reason why trojans would be proprietary to Microsoft or Windows).

4) If you think Linux is cheaper than Windows, then check the pricing at major hosting companies; they often don't charge anything extra for Windows. However, on Linux you need an expert to solve your problems, but on Windows you can do that using any freeware or paid software. Even your kid can develop software for Windows.

5) Linux is used by 5-10% of users, which means out of 100 computers only 10 have Linux. Now if we assume that 2 Linux computers get hacked and 5 Windows computers, then 20% of Linux got hacked whereas only 5.55% of Windows got hacked... oops, that's amazing?

6) My practical experience: I have worked on more than 10 Windows servers and handle 3 Windows servers myself … none have been hacked in the last 2-3 years. I have worked on 20 Linux servers and handle 4 Linux servers myself; 2 got hacked.
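
The checks point 2 says a PHP developer has to write by hand, as an added example (not the author's code): validating POST fields, a PDO prepared statement against SQL injection, and output encoding against JavaScript inserted into text fields. The form fields, the `contact` table and the sample input are constructed, and it assumes PHP 7.1+ with the pdo_sqlite extension.

```php
<?php
// Added example: field names, table and sample input are constructed.

function field(array $post, string $key, int $max): ?string
{
    $v = $post[$key] ?? null;
    if (!is_string($v)) { return null; }          // rejects missing and array-valued fields
    $v = trim($v);
    return ($v === '' || strlen($v) > $max) ? null : $v;
}

function validate_contact(array $post): ?array
{
    $c = [
        'name'    => field($post, 'name', 100),
        'email'   => field($post, 'email', 254),
        'message' => field($post, 'message', 2000),
    ];
    if (in_array(null, $c, true)) { return null; }
    if (filter_var($c['email'], FILTER_VALIDATE_EMAIL) === false) { return null; }
    return $c;
}

function save_contact(PDO $db, array $c): void
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO contact (name, email, message) VALUES (:name, :email, :message)');
    $stmt->execute($c);
}

function html(string $s): string
{
    // Encode on output so stored markup is displayed as text, not executed.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contact (name TEXT, email TEXT, message TEXT)');

$samples = [ // constructed POST bodies
    ['name' => 'Asha', 'email' => 'asha@example.com', 'message' => 'Please send a quote.'],
    ['name' => "Robert'); DROP TABLE contact;--", 'email' => 'r@example.com', 'message' => 'hello'],
    ['name' => 'Eve', 'email' => 'eve@example.com', 'message' => '<script>alert(1)</script>'],
    ['name' => 'Bot', 'email' => 'not-an-address', 'message' => 'buy now'],
];
foreach ($samples as $post) {
    $c = validate_contact($post);
    if ($c === null) { echo "rejected\n"; continue; }
    save_contact($db, $c);
    echo 'stored: ', html($c['name']), ' | ', html($c['message']), "\n";
}
echo 'rows: ', $db->query('SELECT COUNT(*) FROM contact')->fetchColumn(), "\n";
```

The second and third samples pass validation on purpose: the prepared statement stores them as plain data and `html()` neutralises them when displayed, so each check covers a case the others do not.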

I have my Vikasumit.com site, written in PHP. It used to get spammed by bot form fillers, and I often got junk mail. The site ran for 2 years in PHP, but then I converted it to ASP.NET, and for over 1 year I have never got those spam mails… Are those bots dead?

Think again before choosing your platform, and please do ask for your developer's profile before giving an outsourcing job to any company, local or offshore.