Application Security Testing: An Integral Part of DevOps
PHP, ASP.NET, JSP, and Ruby on Rails (RoR) are the four most prevalent server-side scripting/programming languages found today on the world wide web. A server-side language processes information on a web server and then returns the processed information to a client's web browser. Any form you see on the Internet uses some manner of server-side execution to process that data.
Granted, in today's terms these may sound the same; however, there are a few small differences. A scripting language is actually run within a program, not separately. You must have an interpreter to execute a script. Because scripts are interpreted, there is no need for compiling. Programming languages use compilers to compile the human-written code into the computer's own language. Because scripting does not use this, it makes this form of programming very high-level.
PHP: Hypertext Preprocessor
PHP is the short name, as well as the extension, for Hypertext Preprocessor. The term Preprocessor derives from the idea that the language is processed before reaching the client. This is the most commonly used scripting language found for form processing on the web.
PHP is, by far, my favorite of all server-side languages. I thoroughly enjoy the fact that it is open source. This most often assures that there will be a greater expanse of documentation, as well as libraries. In addition to this, it has the potential of infinite developers. Also, remember that due to the Open Source Initiative, all open source software is free.
When coding PHP, there is no other way than to just type all the code out yourself. Some may see this as a disadvantage because of the time consumption; I see it as a benefit. Everything is customizable, provided you know the language. It is also easy to find tutorials and examples that others desire to provide at no cost.
PHP has a unique method of memory handling. I believe that this greatly contributes to its speed. When an application opens, the operating system will delegate it some memory. For the sake of the machine's resources, most software will return the memory upon completion of a resource consuming task. PHP works in a completely different manner. Once the PHP module is initialized, it grabs a preconfigured amount of memory and holds it until the module is unloaded. This means that PHP never has to wait for other processes to give up its memory. Some may say this is a bad approach for machines with low memory. I disagree. Any server should have plenty of memory.
The Zend Engine, which was originally a re-write of the PHP core, is one thing that cannot be overlooked when talking about the language. Since PHP 4, it has actually become the core itself. It is a very powerful scripting engine with great performance and stability. Were it not for the Zend scripting engine, PHP would not be half of what it has become today.
ASP.NET: Active Server Pages .NET
ASP.NET is short for Active Server Pages. It is a framework built to run off of Microsoft's virtual machine component of their .NET infrastructure. Being built on this framework means that ASP.NET has the potential to run any .NET language code. This gives it a huge advantage when working with Windows machines and Internet Explorer.
ASP.NET is a uniquely versatile language because it is built upon Microsoft's .NET framework. As stated earlier, it has the ability to run any .NET code. So, if you want Visual Basic or C#, you can have it. This makes the porting of desktop applications to the web rather simple when it comes to forms, scripts, style sheets, and many other page elements.
ASP.NET is also very capable of being coded by hand. However, Microsoft has provided programmers with Visual Web Developer. This application makes ASP.NET coding much simpler to maintain and almost simple enough for a beginner. This application does not in any way have the advancement of Adobe's Dreamweaver when it comes to design, but when it comes to database work, everything being available at the click of a mouse is quite fantastic. When it comes to building forms, ASP.NET is the easiest to use by far.
Throughout the years, one major concern has been raised about ASP.NET: it is very monopolistic. Think about this: Microsoft Server running Microsoft IIS with Microsoft's ASP.NET as the server-side language. One might argue that this would help for stability because it is very uniform. In actuality, it is quite the opposite. Nine times out of ten I will fight for Linux with Apache because of the open source solution.
JSP: JavaServer Pages
JSP is a web technology, developed by Sun, given the name JavaServer Pages. In short, this server-side development allows Java to be embedded into web pages without attaching a Java applet into the HTML source.
When considering JavaServer Pages, many believe that this means that Java is included. Well, in some ways, yes, and in some ways, no. To write JSP, one does not necessarily have to know Java. Mind you, knowing Java greatly helps out. The great advantage here is that Java servlets can be accessed without actually having to embed them into the HTML content.
JSP is a fast, efficient way to build and maintain dynamic web sites. The difficulty that many run into in becoming efficient coders in JSP is the multiple code tags. There are five different types of code tags to tell the server how to use the code within those tags. This can very quickly discourage many newcomers to the language.
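The five tag types are not named above; the set usually counted as five is comment, directive, declaration, scriptlet and expression. The page below is an added example, not from the original article, showing each one in a small form handler; the `name` field and the `escapeHtml` helper are assumptions made for illustration.

```jsp
<%-- 1. Comment: stripped on the server, never sent to the browser --%>

<%-- 2. Directive: instructions for the JSP compiler, not per-request code --%>
<%@ page contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>

<%-- 3. Declaration: becomes a member of the generated servlet class --%>
<%!
    // Hypothetical helper: encode characters that are significant in HTML
    // so submitted form text is rendered as text, not as markup.
    private static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }
%>

<%-- 4. Scriptlet: ordinary Java executed on every request --%>
<%
    // "name" is an assumed form field; treat a missing value as empty.
    String name = request.getParameter("name");
    if (name == null) {
        name = "";
    }
%>
<html>
  <body>
    <form method="post">
      <input type="text" name="name">
      <input type="submit" value="Send">
    </form>
    <%-- 5. Expression: the value is evaluated and written into the response --%>
    <p>Hello, <%= escapeHtml(name) %></p>
  </body>
</html>
```

The expression tag writes its value into the page exactly as given, which is why the form input passes through the encoding helper before it is echoed.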
JSP has a great advantage when incorporating any other form of Java programming within a web page. It has the ability to access all levels of Java so long as the server has been configured properly. Because JSP has the Java Database Connectivity (JDBC) API at its fingertips, database applications are simple to construct. JavaBeans makes it possible to take multiple objects and encapsulate them into one object. This is great for passing data. And, because all this work is based on some sort of network/Internet connection, I must mention JSP's ability to access Java's RMI or Remote Method Invocation. This is best described as a remote procedure call.
Now, a distinction should be made here concerning Java Applets and JSP. Java applets are mini Java applications compiled to bytecode; they are executed within a Java Virtual Machine (JVM). To process these applets, the client-side machine needs to have a JVM installed. It is best just to put them in an applet tag in HTML.
RoR: Ruby on Rails
RoR is better known as Ruby on Rails. Ruby on Rails can be a rather confusing name for a programming language. Let me clarify some things now. Ruby on Rails is not a programming language; only Ruby is. Ruby is an object-oriented programming language with a well organized syntax. This helps to keep things very clean. Rails is an actual open-source framework developed for Ruby; it greatly focuses on web-based database applications.
Have you ever had to edit a configuration file for PHP? Some things are straightforward and others are a little more confusing. With RoR, even the configurations are in the Ruby language. Have you ever worked with a library that exchanges the information between a database and a user interface (UI)? That is known as Business Logic. Even that is written in Ruby. Monolingual is always easier than multilingual.
Ruby on Rails is also very well known for its ease of database web site building, but the bulk of boasting comes about when considering the time it takes to develop web software. When using RoR, one can develop at a significantly faster rate than most server-side languages. This is partly made possible by the lack of lengthy XML configuration files. The configuration is Ruby built right into the application. Also, the Ruby language is much more simplistic and can use less code to implement greater things. Take a look at almost any Ruby tutorial and you will understand.
When to use one language over another is possibly the most frequently asked question among server-side languages. To say that it all depends on personal preference would be to say that all four are identical languages without one having a benefit over the other three. This is completely wrong. Part should depend on personal preference and part should rely upon the task at hand. Look to which language could accomplish the project in the shortest time with the least amount of hassle.
Security is always a matter of concern with any language. Of course, one must remember that security is greatly based on the programmer not to leave holes in the code for intrusion. The key to maintaining security is to always keep up-to-date with any patches and software updates. Take into consideration what server software you are running as well as the operating system of the server. The typical settings are listed below, but are not restricted to these configurations.
| ASP.NET | Windows Server | Microsoft IIS |
Don't forget cost when comparing ideas about server-side programming. Remember that the majority of what has been covered is Open Source. That means it's completely free. This is where the Microsoft user is at a loss. Although Linux is free, Microsoft Server is not. When it comes to JavaServer Pages, the only cost issues one might encounter are those of additional Java resources.
There are many great and useful server-side web languages and tools at our fingertips today. Each one has its own benefit and attraction to people. I do my best to stick to PHP as much as possible, but this is merely a personal preference. When the time comes for ASP.NET, JSP, or Ruby on Rails, use what is necessary and most efficient for the cause.