php , jsp , asp?

[tittat]

php , jsp , asp? which is better in security?
I found many of the banking solution use asp or jsp.No one use php.
I think php is less secure when compared to jsp and asp.
Please clarify my doubt.

[crisp]

Any of the three are only as secure as your code. You can't base your opinions on who uses what, it's how they use it, and how it was written that counts.

You'll probably find many banking sites use asp because they have deals with Microsoft for their server products and support, not because of security concerns. They could also be using packages particular to their industry, which were written for asp specifically too.

I can't speak for asp, as I have no experience of working with it, but my site's written in php, and I'm pretty confident it's secure, and works as I want it to, it's open source (free) and well documented and supported. Learn to write secure code and it's all you need.

As for jsp, forget it, x10 doesn't support it, so there's little point you exploring that avenue if your site's hosted here.

[klnce]

A perfect answer from CRISP.

Security comes "How you write the code "

But java has certain other advanatages like Java Server faces and servelets over PHP.

[cools]

JSP is good because of JVM , which manages security by mediation. However ASP is not as safe as ASP.NET ., because the later is developed through Microsoft Secure Software development life-cycle . Thus , ASP.NET has security embedded in its code , such as security against XSS is built in the code. This means you don't have to be much concerned about XSS when you are coding in ASP.NET.

[TechAsh]

My sites are entirely in PHP and I'm confident that they are secure enough. I think that the choice of language depends more on the features available and what language software is available in than the security (Although security is a big issue).

[VPmase]

A lot of people use PHP and there are a lot of ways you can make a secure site like using the simple strip_tags() function or using the preg_match() fuction.
My site is coding in PHP but I use a lot of Javascript checking and Ajax for security.

[kkenny]

For basic non banking sites. PHP will do. Because unless if you don't have that many people who want to hack your site PHP will work fine for you.