Application Security Testing: An Integral Part of DevOps
PHP: The Overview
PHP stands for Hypertext Preprocessor. Reading the title alone can alert you to the fact that this is a server-side processing language that reveals itself in the form of HTML. The most common use of this is web forms. Data is sent from the client to the web server. Information is processed and returns results.
This versatile language is not restricted to web access in the least. PHP also can be used in command-line processing and also installed as an extension to your own operating system. This will cause the PHP files to open with the PHP executable.
ASP: The Overview
ASP is short for Active Server Pages. This too is a server-side scripting language. Microsoft has incorporated this language into their servers for more dynamic built-in objects. These are known as Component Object Models (COM).
Although not restricted only to being run on an IIS (Internet Information Services) server, its only full functionality can come through IIS. This first came with Windows 2000 and the NT4 Option Pack. ASP was not restricted to IIS. PWS (Personal Web Server) also was able to interpret ASP code on Windows NT, 95, and 98. However, it was limited in its functionality.
Many people like to argue the cost of ASP versus PHP. I would agree that this can be a concern for some, but really is not a major concern. Most buy IIS for the Microsoft integration. This being the case, IIS is worth the extra money for those expenses.
PHP is free to the extent of the Apache Web Server. The Apache Software Foundation offers a rather secure—but best of all, free—web server. With this, PHP can be installed for free. The only true costs expended are the server to run it, and the time to install it.
Here is where the most arguing is spent for loyalists of both sides of the server-side scripting world. This has been a large debate since both languages came into existence. This is an area that I do believe is greatly significant.
When an Operating System (OS) delegates memory to applications, the application will usually give back the memory. Operating Systems do not ask for that memory back so long as the application is still in use. PHP has a unique way of using this memory usage to its advantage. PHP grabs a memory block and holds it. When it frees up, it is not returned, but held for whatever processing that might take place in the future. This can be edited in the configuration file.
ASP is a little slower due to its COM-based architecture. Because it is calling object models, the machine must load those. This is similar to a programming language referencing a control. The memory usage, however, is not all that different from a standard application.
Truly, the main distinguishing factor will always be the computer on which the web server is run. If the machines are not similar, the language on the faster machine will indeed be faster than the other no matter what the strengths of memory or processor usage.
When referring to the "C" word, many questions are quickly raised. No two computers are the same and for this reason people want to be assured that what they have will operate with what they already have obtained.
I would say that PHP has the ball in this category. Its winning card is Open Source. This means that PHP has a potential of unlimited developers behind it, greater resources, and a larger library of documentation. Due to all of these factors, much more is developed in addition and more is able to be learned by the programmer.
ASP is commonly thought to only run on IIS. As I mentioned earlier, this is not exactly the case. ASP can, in fact, run on Apache. Apache ASP is a port that enables limited ASP functionality on any Apache web server. The only requirement is mod_perl being enabled.
Always remember that PHP can run on any platform. Mac OS X, Windows, Linux, and Solaris all are among its possible Operating Systems.
Anything can be hacked, no matter how strong the security. The only thing lacking is the time and the resources of how to do it.
Apache's security options make it more secure than Windows Server Operating Systems. IIS is known for many security holes and constant patching. However, I will not be one to say that Apache is security foolproof.
ASP has its roots in Microsoft's most commonly known language, Visual Basic. For this reason, it is very simple to learn and incorporate. PHP has more of a C++ language base. I believe that this also contributes to its speed abilities.
ASP's Common Misconception
ASP.NET and ASP are not the same. ASP.NET is a complete rewrite of the ASP programming language and, for this reason, most of it is not backwards compatible. .NET was written to fit more into the newer Microsoft architecture.
Personally, I would say that PHP is faster, easier, more compatible, more secure, and even cheaper to work with. This is not to say that ASP will never be part of my projects. I just prefer to use PHP because of its abilities over ASP; but it's not really worth arguing over. Just use what is most compatible with what you have, and fits what you desire most.