These Are The 10 Best Jobs In Tech Field To Apply For In 2016.

 

If you are bored with your current tech job and looking to switch, remember this: some tech jobs are better than others. All you need is the correct data at the right time to make the right decision.

The job hunting website Glassdoor is here to help you with its 2016 list of the best jobs. Civil engineers, mechanical engineers, and lawyers have all disappeared from this list. The website has prepared a list of the top 25 jobs for 2016; out of those, we have picked the top 10 jobs in technology that you need to look for this year.

The list mentions the average salary, number of job openings and scores out of five. Let’s take a look:
10 best tech jobs you should apply for in 2016:
1. Data Scientist

Also called the ‘sexiest job of the 21st century’, the data scientist job profile is something that needs a wide range of skills including mathematical, statistical, predictive modeling, and business strategy skills. Their job includes collecting and analyzing ‘big data’ to present the hidden business insights.

    Number of Job Openings: 1,736
    Median Base Salary: $116,840
    Career Opportunities Rating: 4.1

2. Solutions Architect

A solutions architect is responsible for converting requirements into the architecture of a solution and describing it using a set of design architecture standards.

    Number of Job Openings: 2,906
    Median Base Salary: $119,500
    Career Opportunities Rating: 3.5

3. Mobile Developer

The software requirements are converted into programmable code and programs by a mobile developer. Usually, a mobile developer is skilled in one specific field like mobile development, graphics software, business software etc.

    Number of Job Openings: 2,251
    Median Base Salary: $90,000
    Career Opportunities Rating: 3.8

4. Product Manager

A product manager finds an intersection between technology, business, and user experience to discover a valuable and feasible product. This person oversees the projects and their progress.

    Number of Job Openings: 6,607
    Median Base Salary: $106,680
    Career Opportunities Rating: 3.3

5. Software Engineer

A software engineer is responsible for the complete life-cycle of a new or modified version of a piece of software. This person works on everything: research, design, training, application, and support.

    Number of Job Openings: 49,270
    Median Base Salary: $95,000
    Career Opportunities Rating: 3.3

6. Analytics Manager

An analytics manager plays a key role in designing the future strategy of a company. This person generates information based on previous records and performance to arrive at a comprehensive result.

    Number of Job Openings: 982
    Median Base Salary: $105,000
    Career Opportunities Rating: 3.7

7. Software Development Manager

A software manager is often called the ‘man in the middle’. This person deals with software development projects and takes care of various development, customer, management, and sales aspects.

    Number of Job Openings: 1,199
    Median Base Salary: $135,000
    Career Opportunities Rating: 3.4

8. QA [Quality Assurance] Manager

A QA manager ensures that the end product fulfills the relevant criteria, and establishes procedures and quality standards.

    Number of Job Openings: 3,749
    Median Base Salary: $85,000
    Career Opportunities Rating: 3.4

9. UX [User Experience] Designer

A UX designer is responsible for the look and feel of a product. This person explores multiple approaches to arrive at a final solution to ensure that the product provides the best user experience.

    Number of Job Openings: 863
    Median Base Salary: $91,800
    Career Opportunities Rating: 3.6

10. Software Architect

A software architect is a software expert who designs software applications and dictates how the software will be implemented in an enterprise.

    Number of Job Openings: 653
    Median Base Salary: $130,000
    Career Opportunities Rating: 3.4

 

Why did Google choose Java as default application programming language for Android


Here are a few reasons why Google chose Java for its Android operating system

Google hit a bullseye with smartphone users when it brought out the first version of the Android operating system. Google brought out the first version of Android in 2007, at a time when Nokia and its proprietary Symbian operating system ruled the roost in the smartphone market. Today Android smartphones rule the world, with over 85 percent of the smartphones in the world running on various versions of the Android operating system.

Android’s source code is released by Google under open source licenses, although most Android devices ultimately ship with a combination of open source and proprietary software, including proprietary software required for accessing Google services.

Android is based on the Linux kernel and designed primarily for touchscreen mobile devices such as smartphones and tablets. Android’s user interface is mainly based on direct manipulation, using touch gestures that loosely correspond to real-world actions, such as swiping, tapping and pinching, to manipulate on-screen objects, along with a virtual keyboard for text input.

The Android apps and games that are so popular among smartphone users are compiled by developers using the Android software development kit (SDK). This Android SDK is compiled using the Java programming language. So, why Java?
So why did Google choose Java over other programming languages?

The basic advantages of having the Java programming language for Android SDKs are given below:

    Java is a known language; developers know it and don’t have to learn it. Java has yet again emerged as the world’s most popular programming language. There are also lots of engineers who specialise in Java, making it easier for them to compile apps and games.
    It’s harder to shoot yourself in the foot with Java than with C/C++ code, since it has no pointer arithmetic.
    It runs in a VM, so there is no need to recompile it for every phone out there, and Java is easy to secure. This is a very important feature of Java: running on a VM (thus no recompiling) is a huge plus. It also easily separates processes from each other, preventing a rogue application from destroying your phone or interfering with other applications. Every app is assigned its own address space, and all addresses are translated by the MMU. This provides base-level security to the app and the Android ecosystem by preventing leakage.
    As said in point number 1 above, since Java is the most popular programming language, a large number of development tools are available for developers. Java has huge open source support, with many libraries and tools available to make developers’ lives easier.
    Several mobile phones already used Java ME, so Java was already known to the mobile industry and its engineers.
    The speed difference is not an issue for most applications; if it were, you should code in a low-level language.
    Android as an operating system also runs on many different hardware platforms, including smart TVs, Android Wear etc. Given that almost all VMs JIT compile down to native code, raw code speed is often comparable with native speed. A lot of the delays attributed to higher-level languages have less to do with VM overhead than with other factors (a complex object runtime, ‘safety’ checking of memory access by doing bounds checking, etc).
    Java allows developers to create sandboxed applications and a better security model, so that one bad app can’t take down your entire OS.

In addition to the above points, at the time the first version of Android was developed, the available languages like Go and Rust weren’t exactly popular and were quite niche programming languages, so prioritising native languages would’ve meant the Android development team going with C or C++.

Go was used in the earlier versions of Android and found to have its limitations. Rust was smaller still, so betting Android’s whole development ecosystem on such a niche language would’ve been a bad idea.

Even the most diehard of programmers and coders will agree that C and C++ are notoriously difficult to work with, and even very senior engineers make dangerous mistakes very often. This is the reason Microsoft chose to develop its own .NET architecture; however, developing a separate language for Android would not have been feasible for Google at that time.

Also, during the time the first Android version was being worked on, the JVM/CLR languages (i.e. the Java family and the C#/.NET family) were under the ownership of Sun and Microsoft respectively. So it would not have been feasible for Google to use its ‘enemies’ programming language. Only after Oracle bought out Java and Google reached an understanding with Oracle were all proprietary issues resolved.

Java is an absolutely massive ecosystem, and you have an embarrassing wealth of both libraries and tooling available for it, which mitigates how mediocre the language itself is. Where Apple had home field advantage by using Objective C in iOS (with Obj-C being the primary language for OS X development), Google’s choice of Java meant not having to build that ecosystem from scratch.

As seen above, Java was simply the best choice available at the time. Google has never officially commented on why it is using Java for Android SDKs but the above reasons are enough for Google and the Android team to back Java all the way.

Nuclear Power Plants Are The Next Easy Target Of Hackers All Over The World

Image: NTI Nuclear Security Index

Today, we are at a crossroads on nuclear security and the emerging threats in the form of cyber attacks and nuclear terrorism. But our nuclear plants have failed to add the security measures necessary to handle cyber threats and potential security breaches. Based upon the two latest security reports, we have tried to assess the present-day situation, which is too vulnerable.

Nuclear power plants around the world are living in a state of denial about the risks of possible cyber attacks. These highly sensitive facilities have failed to install the security measures necessary to protect their computer networks. Apart from this, 20 countries with nuclear fuel stockpiles don’t have any government regulations requiring even minimum security steps.

The sorry state of our nuclear power plants was recently revealed in two different studies conducted by Security Operations Center (SOC) and the Nuclear Threat Initiative (NTI). Let’s tell you more about the situation:

“Security measures employed by Security Operations Center (SOC) aren’t enough”

The first report is an audit of the Security Operations Center for the US Nuclear Regulatory Commission (NRC). Studying the period between 2013 and 2014, it revealed that cyber attacks against US nuclear power plants grew by 18% during this time. The 18-page assessment report highlighted that the computer networks used by the NRC pose a real threat due to inadequate security measures. The NRC’s general inspector added that the measures deployed aren’t “optimized to protect the agency’s network in the current cyber threat environment.”

The sophistication of cyber attacks against nuclear power plants has increased. Hackers have attempted to gain unauthorized access using social engineering, code injection techniques, and other methods.

It was reported that the SOC, which is in charge of security at the NRC, does not meet the agency’s needs and lacks the predictive analysis to keep its networks protected.

“20 countries scored a disappointing 0 against theft and sabotage in nuclear power plants”

The second study, conducted by the Nuclear Threat Initiative (NTI), outlines the worldwide situation that reveals the gloomy condition of nuclear power plants. In this study, 47 countries were included — out of these, 24 had weapon-usable nuclear materials and 23 had nuclear facilities but they didn’t produce usable material.

Surprisingly, only 13 countries scored a perfect score of 4 when their preparations against a cyber attack (sabotage and theft) were examined. These countries were Australia, Belarus, Bulgaria, Canada, Finland, France, Hungary, the Netherlands, Russia, Switzerland, Taiwan, the United Kingdom, and the United States.

On the other hand, 20 countries scored a disappointing 0 against theft and sabotage. These countries were Algeria, Argentina, Armenia, Bangladesh, Belgium, Brazil, Chile, China, Egypt, Indonesia, Iran, Italy, Kazakhstan, Mexico, Morocco, North Korea, Peru, Slovakia, Spain, and Uzbekistan.

The Nuclear Threat Initiative publishes this annual index, which examines nuclear security all around the world. The agency also mentions that many countries have improved their security measures in the past few years, but it isn’t enough.

Nuclear power plants are highly sensitive facilities that need an extra layer of security measures. Employing an army of security personnel will be useless if these plants are vulnerable to hacking attacks. These reports suggest that immediate steps must be taken on this issue in everybody’s best interests.

How To Maximize Battery Life On Windows 10

Windows is known for poor battery life, irrespective of the Windows version you are using. People often wonder how to maximize battery life on Windows 10, so we decided to write a guide to maximizing Windows 10 battery life:

How to Maximize the Windows 10 battery life?
Windows 10 battery saver mode:

Windows 10 comes with two power modes: battery saver mode and the default mode. Battery saver mode surely stops Windows from sucking your power. It reduces battery usage by as much as 20 percent over normal mode.
Uninstall the unnecessary apps:

Windows 10 comes with a plethora of apps. I personally do not use the News app, the Store and many others. These apps keep sucking the battery life in the background, so it is better to uninstall them.
Uninstall the unnecessary programs:

To maximize battery life on Windows 10, it is recommended that you uninstall unnecessary programs. Sometimes these programs keep updating in the background without you being aware of it. This not only consumes your internet data but also keeps taking a toll on the battery life.
Wi-Fi, Bluetooth, and Other Settings:

You do not need to leave Wi-Fi or Bluetooth turned on all the time. They keep on working and keep on sucking the battery out of your PC. So while watching a movie, or when you leave your PC idle for some time, turn off these settings; they are surely gonna save some battery life on Windows 10.
Update Windows While Charging:

Well, you do not have much control over Windows Update on Windows 10. There are certain ways to stop the Windows 10 upgrade, but Windows keeps popping up unnecessary notifications, bugging you to the core of your heart to update it. You never know how long a Windows 10 update will take; sometimes updating Windows 10 seems to take an eternity. It is advised that you keep your PC on charge while updating Windows.

Reduce the volume:

We often leave the volume high even though we are just typing or doing some work which does not actually need the volume to be up. Moreover, most laptops these days come with powerful built-in speakers. Though these speakers give you soothing sound, they also suck the hell out of your battery life. So reduce the volume level on Windows 10 while chatting, typing or doing something which does not need higher volume.

Unplug Unnecessary Peripherals:

We often leave our mobile phones connected to our PC by USB cable. Even though they consume only the smallest amount of battery from your PC, it still counts. So you might want to stop charging your mobile from your PC. Keep a watch over USB cables, external mice, Bluetooth-powered mice, SD cards, external keyboards and much more.

Keep your desktop and system drive clean:

When you boot up your PC, Windows 10 loads most of the content of the C drive (or the drive where Windows is installed). The first thing we see on any PC after we power it on is the desktop. That means all the icons spread over the desktop are part of the C drive, and they are also loaded when the PC is powered up. So try to keep your desktop clean so that Windows 10 does not have to load all the programs scattered over the desktop.

Manage the brightness:

Brightness also consumes a lot of battery. So when watching a movie in a dark room, try to keep the brightness low. Or when you do not want your machine to be shut down and you are going somewhere, keep it dimmer. Keeping the brightness low in Windows 10 will save a lot of battery.

How to use your Android smartphone as remote mouse and keyboard for your PC

Here is how you can control your PC/laptop with your Android smartphone/tablet using it either as keyboard or mouse.

Android OS has increased the overall usage domain of mobile phones in a short period of time. Since it is always fun to do the awesome things with your smartphone, we are presenting a new way to use your Android smartphone/tablet. That is as a keyboard or mouse for your PC.

Before we begin, you must know that this process will only work with Intel-based PCs. First of all, you have to get the Android Remote Keyboard App and software.

How to Set Up Intel Remote Keyboard

  1. Download Intel Remote Keyboard on your Android device or tablet.
  2. Download and install the Intel Remote Keyboard Host on your Windows PC. You will need to choose x86 or x64 depending on your Windows. If you aren’t sure what you are running, there are four easy ways to know if you’re on 64-bit Windows.
    (Important: Make sure your Android and Windows devices are connected to the same Wi-Fi network.)
  3. On your Android phone, tap the Windows device name.
  4. Your Windows PC will now show a large QR code. Just scan it with your Android smartphone’s camera (following the on-screen instructions) and the two devices will be paired.
  5. You’re all set!

What you can do:

The App is basically a virtual trackpad and keyboard for your computer. You can use it in portrait or landscape mode.

In portrait mode, your screen is divided into the trackpad area on the top and keyboard at the bottom. Intel’s keyboard looks much like any Android keyboard, but also has a Windows button, an Esc button, and the four arrow keys.

Stuff which should have been there:

There could be some enhanced controls to fully optimise the facility. First, there is no “continuous scrolling”, which means you have to touch the scroll button many times to scroll a large distance. Second, there is no “direct volume control”, and it is always more convenient to adjust volume using a dedicated key than to use the mouse. We firmly expect that these features will be added in upcoming updates.

Record-breaking 1 Tbps speed achieved over 5G mobile connection.

New generations usually bring new base technologies, more network capacity for more data per user, and the high-speed Internet service that Internet service providers usually advertise. However, it is believed that the fifth generation (5G) of mobile networks will go beyond what we imagine.

1TBPS OVER 5G
Security researchers from the University of Surrey have just achieved record-breaking data speeds during a recent test of 5G wireless data connections, reaching an incredible one terabit per second (1Tbps), many thousands of times faster than existing 4G connections.

After 4G, 5G is the next generation of mobile communication technology, which aims at offering far greater capacity and being faster, more energy-efficient and more cost-effective than anything seen before. The boffins say 5G will be different – very different.

The 5G test was conducted at the university's 5G Innovation Centre (5GIC), which was founded by a host of telecoms industry partners including Huawei, Fujitsu, Samsung, Vodafone, EE, Aircom, BT, Telefonica, Aeroflex, BBC and Rohde & Schwarz.

DOWNLOAD 100 MOVIES IN JUST 3 SECONDS
Speeds of 1Tbps are far faster than previously announced 5G tests, such as Samsung’s 7.5 gigabits per second (Gbps) record, which was 30 times faster than 4G LTE (Long-Term Evolution) speed and just less than 1% of the Surrey team's speed.

    "We have developed 10 more breakthrough technologies and one of them means we can exceed 1Tbps wirelessly. This is the same capacity as fiber optics but we are doing it wirelessly," 5GIC director Prof Rahim Tafazolli told the news website V3.

With 1Tbps, it is possible to download a file 100 times the size of a feature film in just three seconds. This incredible speed is over 65,000 times faster than the current 4G download speeds.

5G EXPECTED TO ROLL OUT BY 2020
The test was carried out over a distance of 100 meters using equipment built at the university. The head of the 5GIC said he planned to demonstrate the technology to the public in 2018. It’s believed that 5G could possibly be available in the UK by 2020.

UK communications regulator Ofcom has been supportive of efforts to get 5G to the public. Ofcom previously said it expected 5G mobile should be able to deliver speeds between 10 and 50Gbps, compared with the 4G average download speed of 15 Megabits per second (Mbps).

    According to Prof Tafazolli, there were hurdles to overcome before 5G would be ready. He said, "An important aspect of 5G is how it will support applications in the future. We don't know what applications will be in use by 2020, or 2030 or 2040 for that matter, but we know they will be highly sensitive to latency."

There is a need to bring "end-to-end latency down to below one millisecond" in order to enable the latest technologies and applications, which would just not be possible with 4G. Tafazolli mentioned 3D holographic chess games on smartphones, controlling connected cars over 5G and other possible future applications requiring such low latency.

5G – NEW FRONTIER FOR CYBER ATTACKS
5G will, no doubt, provide high-speed Internet connectivity, which would be great news for all, but it would be a boon for cyber criminals as well. In future, by leveraging 5G technology, it would be very easy for hackers and cybercriminals to take down almost any website on the Internet using Distributed Denial of Service (DDoS) attacks.

In an era of expected 50Gbps Internet speeds at home or business, cyber criminals would have no need to build up an infrastructure of botnets by compromising hundreds of thousands of devices; they would only need a few devices with a 5G Internet connection to launch the largest ever DDoS attack of around 1 Tbps.

To resolve such issues in future, high-speed Internet service providers and online communications service providers need to set up real-time monitoring, reporting, limiting, mitigation and protection mechanisms against DDoS attacks in order to protect online users.

Bill Gates Sponsored Giant Fans Will Soon Suck CO2 From Air and Recycle it as Fuel

CO2 is the major cause of climate change and global warming. As of now, sustainable development exists only in speeches, and just when an immediate solution was seeming unlikely, Carbon Engineering came up with a technology that would reduce and recycle the CO2 present in the atmosphere instantaneously.
The rate of climate change today, and its effects on the planet’s future, incite some of the strongest opinions and anxiety among people. The world acknowledges it, yet no one wants to share the responsibility. No wonder Elon Musk calls this humanity’s dumbest experiment.

Carbon emission is the biggest contributor to the increase in global temperatures worldwide, and it will continue to be so until an immediate solution is worked out. Planting trees can do the trick, but it would require vast amounts of fertile land to absorb even a small volume of CO2. But what if we could build something that does the same as forests: suck CO2 out of the atmosphere?

Carbon Engineering, a company sponsored by Bill Gates, is working on technologies to take CO2 directly out of the atmosphere. It sounds amazing, but it is not easy, as CO2 represents just one molecule out of every 2500 molecules in the air.

Carbon Engineering has built a prototype contactor that converts 100 kilos of the carbon dioxide present in the atmosphere into harmless carbonates every day. Now just imagine the extent of their full-scale system.

At its maximum capacity, the full-scale system by the Carbon Engineering team is expected to capture the emissions from 300,000 cars every year. Air capture doesn’t require any exotic technology and can be scaled in size and installed anywhere on the Earth (since CO2 is present everywhere) depending on the economic and industrial needs of the place.

And, it doesn’t end here. The pure CO2 can be combined with H2 and form hydrocarbon fuels such as gasoline and jet fuel, thus continuing the above process.

Air capture seems quite a promising technology, a solution that could provide sustainable development at a lower cost. Conventional cars are not going away anytime soon, nor are industries going to slow their pace, so air capture could be a game changer without affecting the development agenda of countries.

A single email can give hackers access to the entire network:


Google researchers find code-execution bug in FireEye threat-prevention devices which can give hackers complete access to networks

Almost all companies install cyber security solutions to safeguard their networks against malicious vectors like hacking, spamming etc. Imagine what happens if there is a vulnerability in one such security device meant to protect your network.

Now, researchers say they have uncovered a critical vulnerability in such a product from security firm FireEye that can give attackers full network access.

According to Tavis Ormandy from Google, they have discovered a vulnerability in the NX, EX, AX, FX series of FireEye products. Ormandy says that the vulnerability makes it possible for attackers to penetrate a network by sending one of its members a single malicious e-mail, even if it’s never opened.

Ormandy, who has already uncovered bugs in many anti-virus solutions in the past, says that they have informed FireEye about the bug. Ormandy explained in a blog post published Tuesday:

For networks with deployed FireEye devices, a vulnerability that can be exploited via the passive monitoring interface would be a nightmare scenario. This would mean an attacker would only have to send an email to a user to gain access to a persistent network tap—the recipient wouldn’t even have to read the email, just receiving it would be enough.

‘A network tap is one of the most privileged machines on the network, with access to employee’s email, passwords, downloads, browsing history, confidential attachments, everything. In some deployment configurations* an attacker could tamper with traffic, inserting backdoors or worse. Because FireEye devices typically have a secondary internet-connected interface for updates and management, the issue could even be wormable across the internet.’

The devices are supposed to passively monitor network traffic from HTTP, FTP, SMTP connections. In instances where there’s a file transfer, the security appliance will scan it for malware. Ormandy and fellow Project Zero researcher Natalie Silvanovich found a vulnerability that can be exploited through such a passive monitoring interface. The researchers used the JODE Java decompiler to reverse engineer Java Archive files used by the FireEye devices. They then figured out a way to get the appliance to execute a malicious archive file by mimicking some of the same features found in legitimate ones.

“Putting these steps together, an attacker can send an e-mail to a user or get them to click a link, and completely compromise one of the most privileged machines on the network,” the researchers reported. “This allows exfiltration of confidential data, tampering with traffic, lateral movement around networks and even self-propagating internet worms.”

In a statement, a FireEye spokesman wrote:

On Friday December 4, FireEye was informed of and confirmed a Remote Code Execution (RCE) vulnerability impacting our NX, EX, AX, and FX products by Google Project Zero’s Tavis Ormandy. FireEye had been engaged with and was supporting the Google Project Zero team prior to this discovery around the testing of our products.

We released an automated remediation to customers just 6 hours after notification, mitigating any customer exposure by Saturday morning, December 5th and released a full, automated fix on Monday, December 7. In addition, we will be releasing a fix to support our out-of-contract customers.

We are thankful for the opportunity to support researchers in the testing of our products and will continue to support their efforts and fully support their efforts to improve our products.

Facebook dispute results in a 14 year old girl being shot dead

Birmingham teenager shot dead after a dispute on Facebook

An argument on Facebook took a ghastly turn when it ended in gunfire that killed 14-year-old Kierra’onna Rice.

The online Facebook brawl between two groups of friends spilled out into the streets with a fistfight and later ended in gunfire that killed a 14-year-old girl and wounded two others in Alabama on Friday, authorities said. According to the police, the fistfight between the girls was to be recorded for posting online.

Birmingham police said 14-year-old Kierra’onna Rice was shot and killed at around 5 p.m. in Birmingham when two males opened fire after Rice and several other girls met at a park to fight. Birmingham Police Chief A.C. Roper told the NBC reporter that some in the Facebook group planned to record the fight so video could be posted online.

Those who knew Rice say they never dreamed something like this would happen to her. They say she was loving and would lend a helping hand to anyone. Her classmate, Diamond Davis, said, “She was a good person. She, she never had any trouble. She was never in anything. She was a good person. She liked to help people.”

These top ten programming languages have the most vulnerable apps on the Internet.

New research showed that scripting languages, in general, give rise to more security vulnerabilities in web applications, which raised concerns over potential security bugs in millions of websites.

The app security firm Veracode has released its State of Software Security: Focus on Application Development report (PDF), analyzing more than 200,000 separate applications from October 1, 2013, through March 31, 2015.

The security researchers crawled popular web scripting languages including PHP, Java, JavaScript, Ruby, .NET, C and C++, Microsoft Classic ASP, Android, iOS, and COBOL, scanning hundreds of thousands of applications over the last 18 months.

Researchers found that PHP – and less popular Web development languages Classic ASP and ColdFusion – are the riskiest programming languages for the Internet, while Java and .NET are the safest.

Here's the Top 10 List:

The Veracode research report used a unique metric, Flaw Density per MB, which means the number of security bugs in each MB of source code.
Here's the list of unlucky winners:

    Classic ASP – 1,686 flaws/MB (1,112 critical)
    ColdFusion – 262 flaws/MB (227 critical)
    PHP – 184 flaws/MB (47 critical)
    Java – 51 flaws/MB (5.2 critical)
    .NET – 32 flaws/MB (9.7 critical)
    C++ – 26 flaws/MB (8.8 critical)
    iOS – 23 flaws/MB (0.9 critical)
    Android – 11 flaws/MB (0.4 critical)
    JavaScript – 8 flaws/MB (0.09 critical)


Web Apps in PHP are Most Vulnerable, Here's Why:

PHP, which is in third place, is actually leading the ranking because ColdFusion is a high-end niche tool and Classic ASP is almost dead.

Taking a closer look at PHP:

    86% of applications written in PHP contained at least one cross-site scripting (XSS) vulnerability.
    56% of apps included SQLi (SQL injection), which is a dangerous and easy-to-exploit web application vulnerability.
    67% of apps allowed for directory traversal.
    61% of apps allowed for code injection.
    58% of apps had problems with credentials management.
    73% of apps contained cryptographic issues.
    50% allowed for information leakage.

Of the above issues, SQLi and XSS are among the Open Web Application Security Project's (OWASP) Top 10 most critical web application security risks.

And the Title of "Most Vulnerable Programming Language of Year 2015" Goes to…
SQL injection bugs – which allow hackers to directly interact with a Web site's database – are the ones that have been blamed for the massive data breaches at kiddie toymaker VTech and telecom firm TalkTalk.

According to the report, the scale of the risk from the above vulnerabilities can be measured by the volume of PHP apps developed for the top 3 CMS (Content Management Systems), WordPress, Drupal and Joomla, which represent over 70% of the CMS market.

Choose Your Scripting Language Wisely

Less than a quarter of Java applications contain SQL injection flaws, compared to more than three-quarters of those applications written in PHP.

    "When organizations are starting new development projects and selecting languages and methodologies, the security team has an opportunity to anticipate the types of vulnerabilities that are likely to arise and how best to test for them," Veracode's CTO Chris Wysopal advised.