"Perhaps PHP should stand for Pretty Hard to Protect: A week after a prominent bug finder and developer left the PHP Group, data from the National Vulnerability Database has underscored the need for better security in PHP-based Web applications."

...

"The concerns come as attackers and security researchers have increasingly focused on finding flaws in Web applications. Earlier this year, one researcher highlighted the upward trend in Web flaws in general, and PHP in particular, when data for the first nine months of 2006 showed that vulnerabilities in Web applications had taken the top 3 spots in a list of most common flaws. The researcher, Steven Christey, found that about 45 percent of the vulnerabilities found as of September were either cross-site scripting flaws, database injection bugs, or PHP file inclusion vulnerabilities."

Article Link http://www.securityfocus.com/news/11430