"Perhaps PHP should stand for Pretty Hard to Protect: A week after a
prominent bug finder and developer left the PHP Group, data from the
National Vulnerability Database has underscored the need for better
security in PHP-based Web applications."
…
"The concerns come as attackers and security researchers have
increasingly focused on finding flaws in Web applications. Earlier this
year, one researcher highlighted the upward trend in Web flaws in
general, and PHP in particular, when data for the first nine months of
2006 showed that vulnerabilities in Web applications had taken the top
3 spots in a list of most common flaws. The researcher, Steven
Christey, found that about 45 percent of the vulnerabilities found as
of September were either cross-site scripting flaws, database injection
bugs, or PHP file inclusion vulnerabilities."
Article Link: http://www.securityfocus.com/news/11430