Fontaine Rafamantanantsoa, Rabetafika Louis Haja, Randrianomenjanahary Lala Ferdinand
{"title":"Analysis and Evaluation of Performance Related to Java and PHP Security Codes","authors":"Fontaine Rafamantanantsoa, Rabetafika Louis Haja, Randrianomenjanahary Lala Ferdinand","doi":"10.4236/CN.2021.131004","DOIUrl":null,"url":null,"abstract":"In recent years, Internet exposure of applications continuously engenders new forms threats that can endanger the security of the entire system and raises many performance issues related to code security. The safety of information systems becomes essential. This is why the performance linked to security codes is of importance essential in the security systems of all companies. Indeed, as contribution, to carry out measurements, it appropriates tools that are the JMH tool (Java Microbenchmark Harness) and the PHP Benchmark script tool which include unsecure java and PHP codes and secured against SQL (Structured Query Language) injection, XSS (Cross Site Scripting) i.e., using prepared requests, stored procedures, validation of input from white lists, reinforcement of minimum privilege, when sending requests from the last ones to MySQL databases and Postgresql. We recover the times of response to his requests. From java codes and PHP (Hypertext Preprocessor) secure, we also retrieve the response time for requests to databases MySQL and PostgresqL data. We then obtain the curves and interpretations comparing performance related to security and non-security of codes. The goal is to analyze and evaluate the performance comparing secure Java and PHP code against unsecure java and PHP code using MySQL and Postgresql databases. In Section 1, we presented the performance of the code Java and PHP. The configuration of the experiments and the experimental results are discussed in Sections 2 and 3, respectively. Use of suitable tool which is the JMH tool and the PHP Benchmark script tool, we have developed in Java 1.8 and PHP 7.4 secure and non-secure codes that send the queries to the MySQL or Postgresql database to carry out the measurements which led to the conclusion that the insecure PHP and Java codes are faster in terms of response time compared to the PHP and Java secure codes as the number of tables linked to the query increases because the blocking times of SQL injection and XSS preventions linked to its secure codes are increasing.","PeriodicalId":91826,"journal":{"name":"... IEEE Conference on Communications and Network Security. IEEE Conference on Communications and Network Security","volume":"37 1","pages":"36-49"},"PeriodicalIF":0.0000,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"... IEEE Conference on Communications and Network Security. IEEE Conference on Communications and Network Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4236/CN.2021.131004","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
In recent years, Internet exposure of applications continuously engenders new forms threats that can endanger the security of the entire system and raises many performance issues related to code security. The safety of information systems becomes essential. This is why the performance linked to security codes is of importance essential in the security systems of all companies. Indeed, as contribution, to carry out measurements, it appropriates tools that are the JMH tool (Java Microbenchmark Harness) and the PHP Benchmark script tool which include unsecure java and PHP codes and secured against SQL (Structured Query Language) injection, XSS (Cross Site Scripting) i.e., using prepared requests, stored procedures, validation of input from white lists, reinforcement of minimum privilege, when sending requests from the last ones to MySQL databases and Postgresql. We recover the times of response to his requests. From java codes and PHP (Hypertext Preprocessor) secure, we also retrieve the response time for requests to databases MySQL and PostgresqL data. We then obtain the curves and interpretations comparing performance related to security and non-security of codes. The goal is to analyze and evaluate the performance comparing secure Java and PHP code against unsecure java and PHP code using MySQL and Postgresql databases. In Section 1, we presented the performance of the code Java and PHP. The configuration of the experiments and the experimental results are discussed in Sections 2 and 3, respectively. Use of suitable tool which is the JMH tool and the PHP Benchmark script tool, we have developed in Java 1.8 and PHP 7.4 secure and non-secure codes that send the queries to the MySQL or Postgresql database to carry out the measurements which led to the conclusion that the insecure PHP and Java codes are faster in terms of response time compared to the PHP and Java secure codes as the number of tables linked to the query increases because the blocking times of SQL injection and XSS preventions linked to its secure codes are increasing.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
