OWASP, the Open Web Application Security Project, is famous for its Top Ten list of security vulnerabilities. David ported the list to PHP (PHP and the OWASP Top Ten), and now OWASP has released its own PHP-specific list, the PHP Top 5:
The PHP Top 5 is based upon attack frequency in 2005 as reported to Bugtraq. This information is a valuable insight into the most devastating attacks against the world's most popular web application framework.In 2005, OWASP collaborated with SANS to research and write a completely new PHP section to their successful Top 20 2005. The OWASP PHP Top 5 is the full unabridged text, updated to reflect recent XSS attacks and SQL injection vectors.
OWASP, the Open Web Application Security Project
