A new study by a Web security firm has found that despite the myriad differences in the common programming languages and frameworks deployed on the Web today, there is virtually no difference in their practical security and resistance to attack. The study was done by WhiteHat Security and based on statistics gathered from nearly 1,700 sites owned by the company s customers. The company looked at data from the last 12 months on the most common classes of vulnerabilities identified and fixed in Web applications. Remediation of common flaws, such as XSS or SQL injection, can take days, weeks or even months.
Source: https://threatpost.com/new-study-shows-nearly-no-difference-security-web-frameworks-050510/73927/