3 AnswersNew Answer
I am siding with php not sure if I am right
You need to understand that there is no valid answer to your question. ASP has been tested by highly paid Microsoft Testers and PHP is an open source platform. Their security will be dependent on exactly how it is used to implement your project. PHP comes with various CMS and each CMS has its own levels of security, some even come in with security plugins. Most projects are implemented from scratch using ASP.net, however, before implementation the controller side of things would be designed using C#. and C# classes and methods can very easily be tested (unit testing) using nUnit. So again, there is no valid answer to your question as far as i can see.
As a back end developer, security not language Dependent. security achieved avoiding bad practices and requires implementation of all security aspects of a application. Both ASP and PHP are used for developing large application. Whatever language you used, you require language best implementation in best logical way.