"PHP is a very popular language with many flawed security "features".
Every PHP developer and hoster should understand the primary attack
vectors being used by attackers against PHP applications.
This article is the underlying research behind the SANS Top 20
2005's PHP section. The methodology used in the preparation of this
article is to review all Bugtraq postings containing the word "PHP" and
categorize each unique flaw. The author analyzed the most popular flaws
/ attacks, and researched prevention techniques, resulting in this
article."
Article Link: http://www.owasp.org/index.php/PHP_Top_5
