Web and mobile applications would be a lot more secure if it weren’t for a common coding practice that leaves behind vulnerabilities. Different programming languages solve different problems, so developers are left to use different languages for different functions in an application. The problem is if the technique is not implemented correctly, it leaves applications open to code injection attacks, cross-site scripting attacks, SQL injection attacks, and other malicious attacks.

There are so many different programming languages that developers aren’t always sure which one to use. Computer scientists at Carnegie Mellon University are hoping to solve that dilemma with the development of Wyvern, a programming language that provides a safe way to use multiple languages in the same program.

“Different languages capture different patterns and abstractions more concisely than others, and each language involves trade-offs,” said Cyrus Omar, computer science student at CMU. “Computing is now used in so many problem domains that it’s hard to imagine one language designer capturing all possible uses.”

According to Jonathan Aldrich, associate professor at the Institute for Software Research and leader of the research group, no programming language is right for everything. While HTML works well with Web pages, JavaScript helps make them responsive, and SQL is good for receiving data from a database, when developers try to use these languages together, it often leads to bottlenecks and vulnerabilities, he said.

“We wanted to develop Wyvern as a way of stitching these languages seamlessly together, so that programmers can work more productively and can avoid these vulnerabilities,” he said.

Currently, Wyvern is able to use multiple special-purpose languages such as HTML or SQL within a general-purpose programming language. If Wyvern doesn’t support a certain special-purpose language, programmers can implement support.

“It’s also very easy for programmers to switch from one language to another within Wyvern, which lowers the barrier to getting the benefits of multiple languages in one program,” said Aldrich.

While there are already a number of approaches that integrate multiple languages in some shape or form, the researchers stressed that Wyvern stands out because it doesn’t use strings to represent languages like HTML. It also adds support for as many new sub-languages as the programmer wants, makes it easy for anyone to implement a compiler, and allows programmers to move between languages in a natural way.