To gather insights on the state of application and data security, we spoke with 19 executives who are involved in application and data security for their clients.
Here’s who we talked to:
Sam Rehman, CTO, Arxan | Brian Hanrahan, Product Manager, Avecto | Philipp Schoene, Product Manager IAM & API, Axway | Bill Ledingham, CTO, Black Duck | Amit Ashbel, Marketing, Checkmarx | Jeff Williams, CTO and Co-Founder, Contrast Security | Tzach Kaufman, CTO and Founder, Covertix | Jonathan LaCour, V.P. of Cloud, Dreamhost | Anders Wallgren, CTO, Electric Cloud | Alexander Polykov, CTO and Co-Founder, ERPScan | Dan Dinnar, CEO, HexaTier | Alexey Grubauer, CIO, Jumio | Joan Wrabetz, CTO, Quali | John Rigney, CTO, Point3 Security | Bob Brodie, Partner, SUMOHeavy | Jim Hietala, V.P. Business Development Security, The Open Group | Chris Gervais, V.P. Engineering, Threat Stack | Peter Salamanca, V.P. of Infrastructure, TriCore Solutions | James E. Lee, EVP and CMO, Waratek
Here's what they told us when we asked them, "Which programming languages and frameworks do you, or your firm, use?"
- It’s better to do vulnerability analysis and attack blocking within the application itself. We use Java instrumentation APIs. Instruments are running within the applications to see what’s going on from the inside. We’re able to see patterns that look unusual. We use Java, .Net, NodeJS, and Cold Fusion to Java EE, and Spring to a REST API.
- C++ for agents and endpoints, Python, SQL Alchemy
- We use a mix of C, C++, .Net, and PowerShell. We’re selective about third party libraries and open source since they could have vulnerabilities.
- Web Open Source libraries, Java, AngularJS, Spring. Mobile: SDK, Android, iOS, Java, object oriented.
- We cover all Open Source and more than 70 languages.
- Linux, Eclipse, Java.
- Our product is only for Java-based apps today but we expect to launch a .NET version in 2017.
- C and C++.
- Whatever our clients are using.
What languages and frameworks do you use most frequently for application and data security?