Analysis and Evaluation of Performance Related to Java and PHP Security Codes

Abstract

In recent years, Internet exposure of applications continuously engenders new forms threats that can endanger the security of the entire system and raises many performance issues related to code security. The safety of information systems becomes essential. This is why the performance linked to security codes is of importance essential in the security systems of all companies. Indeed, as contribution, to carry out measurements, it appropriates tools that are the JMH tool (Java Microbenchmark Harness) and the PHP Benchmark script tool which include unsecure java and PHP codes and secured against SQL (Structured Query Language) injection, XSS (Cross Site Scripting) i.e., using prepared requests, stored procedures, validation of input from white lists, reinforcement of minimum privilege, when sending requests from the last ones to MySQL databases and Postgresql. We recover the times of response to his requests. From java codes and PHP (Hypertext Preprocessor) secure, we also retrieve the response time for requests to databases MySQL and PostgresqL data. We then obtain the curves and interpretations comparing performance related to security and non-security of codes. The goal is to analyze and evaluate the performance comparing secure Java and PHP code against unsecure java and PHP code using MySQL and Postgresql databases. In Section 1, we presented the performance of the code Java and PHP. The configuration of the experiments and the experimental results are discussed in Sections 2 and 3, respectively. Use of suitable tool which is the JMH tool and the PHP Benchmark script tool, we have developed in Java 1.8 and PHP 7.4 secure and non-secure codes that send the queries to the MySQL or Postgresql database to carry out the measurements which led to the conclusion that the insecure PHP and Java codes are faster in terms of response time compared to the PHP and Java secure codes as the number of tables linked to the query increases because the blocking times of SQL injection and XSS preventions linked to its secure codes are increasing.