TITLE:
Analysis and Evaluation of Performance Related to Java and PHP Security Codes
AUTHORS:
Fontaine Rafamantanantsoa, Rabetafika Louis Haja, Randrianomenjanahary Lala Ferdinand
KEYWORDS:
Applications, Attacks, XSS, Security, Java, PHP, Performances
JOURNAL NAME:
Communications and Network, Vol.13 No.1, February 26, 2021
ABSTRACT: In recent years, the Internet exposure of applications has continuously
given rise to new forms of threats that can endanger the security of the entire
system, and it raises many performance issues related to code security. The
safety of information systems has become essential. This is why the performance
linked to security code is of essential importance in the security systems of
all companies. As our contribution, to carry out measurements, we use two
tools, JMH (Java Microbenchmark Harness) and the PHP Benchmark script, to run
Java and PHP code that is either unsecure or secured against SQL (Structured
Query Language) injection and XSS (Cross Site Scripting), i.e., using prepared
statements, stored procedures, whitelist input validation, and enforcement of
least privilege, when sending queries from this code to MySQL and PostgreSQL
databases. We record the response times of these queries. For the secure Java
and PHP (Hypertext Preprocessor) code, we also record the response times of
queries to the MySQL and PostgreSQL databases. We then obtain curves and
interpretations comparing the performance of secure and unsecure code. The goal
is to analyze and evaluate performance by comparing secure Java and PHP code
against unsecure Java and PHP code using MySQL and PostgreSQL databases. In
Section 1, we present the performance of the Java and PHP code. The
configuration of the experiments and the experimental results are discussed in
Sections 2 and 3, respectively. Using suitable tools, namely JMH and the PHP
Benchmark script, we developed secure and non-secure code in Java 1.8 and
PHP 7.4 that sends queries to the MySQL or PostgreSQL database in order to
carry out the measurements. These led to the conclusion that the insecure PHP
and Java code is faster in terms of response time than the secure PHP and Java
code as the number of tables linked to the query increases, because the
blocking times of the SQL injection and XSS preventions in the secure code
increase.