Analysis of vulnerabilities in programming in different languages

Authors: Andreev A.M., Kuznetsov M.A., Savinchukov V.N., Sadkov F.M., Glinskaya E.V.
Published in issue: #5(100)/2025

Category: Informatics, Computer Engineering and Control | Chapter: Methods and Systems of Information Protection, Information Security

Keywords: vulnerabilities, programming languages, software, cybersecurity, cyberattacks, secure digital environment
Published: 19.10.2025

The purpose of this work is to analyze vulnerabilities specific to the Python, C, C++, and Java programming languages, as well as to identify common and specific problems associated with their use. The study will consider typical developer errors, language implementation features that contribute to the emergence of vulnerabilities, and methods for preventing them. The results of the work can be useful both for developers seeking to improve the security of their applications and for cybersecurity researchers involved in analyzing and eliminating vulnerabilities in software.
The topic is relevant because software systems must be secured against a growing number of cyberattacks and under tightening data protection requirements. Understanding the nature of vulnerabilities and their sources in various programming languages makes it possible not only to minimize risks but also to develop more stable and reliable applications, which is an important step towards creating a secure digital environment.

