Shiflett, who is also founder of PHPCommunity.org and a member of the Zend PHP Advisory Board, said the consortium will also conduct code audits of popular third-party applications written in PHP to find security vulnerabilities. "Youll see us issuing advisories and guidance based on our own findings," he said. The immediate plan is for the consortium to organize its work into separate projects consisting of documentation, utilities and other resources. The first project is Shifletts own PHP Security Guide, which discusses the most common security concerns for Web developers.For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog. The aggressive move to beef up security around PHP comes at a crucial time for the project, which is shipped standard with a number of Web servers. The 10-year-old project has seen startling usage growth in recent years, including adoption by high-profile Web properties like Yahoo Inc., Lycos Inc. and Disney Online. German airline Deutsche Lufthansa has also embraced PHP in a big way, using the scripting language for electronic ticketing and back-end systems for its agencies and bookings. Lufthansa is currently running 50 PHP servers. Check out eWEEK.coms for the latest security news, reviews and analysis.
"The guide tries to explain the attack scenarios and give examples of exploits. Developers need to understand how attacks happen and how they can secure their applications," Shiflett explained.