The fact that PHP.NET exists demonstrates that PHP and .NET are two totally different things and comparing them is meaningless.
What you would need to do is to compare vb.net, jscript.net, c++.net, php.net etc
or compare all the same languages running in a different environment.
Neither of those layers is the one where all the security issues occur either - they all happen at the application program level and the security or otherwise of the programs is relative to the experience of the people writing the programs. If you have experienced programmers writing the programs then there will be minimal security issues regardless of the language.
The least secure languages are therefore the ones that the newbies choose to use BECAUSE they are chosen to be used by newbies rather than because the languages themselves are insecure.