PHPDeveloper.org: Ed Finkler's Blog: The PHP App Insecurity Top 20

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: Quinstreet, Inc. Seeks Sr. PHP Developer (Foster City, CA)

Job Posting: WideEye Interactive/Moroch Advertising Seeks Web Developer (Dallas, TX)

Job Posting: Project People Ltd (Recruiter) Seeks PHP Developer (Paris, France)

Job Posting: Snelling (Recruiter) Seeks Web Programmer (Boston, MA)

Job Posting: Veedow Seeks Senior PHP Developer/Architect (London, UK)

Job Posting: Apex Systems (Recruiter) Seeks PHP Web Developers (Tampa, FL)

Job Posting: WordStream Seeks Web Application Developer (Needham, MA)

Job Posting: JS Creative Seeks Web Developer (Atlanta, GA)

Job Posting: Kodak Graphic Communications Group Seeks PHP Application Developer (Stamford, CT)

Job Posting: RJ Byrd (Recruiter) Seeks PHP Application Developer (Dallas, TX)

News Archive

Zend Developer Zone: Dynamically Generating PDF Files with PHP and Haru

Jani Hartikainen's Blog: Base classes in OOP programming languages

Community News: PHP Quebec 2009 Schedule Announced

Community News: Latest Releases from PHPClasses.org

Brandon Savage's Blog: Hosting Made for PHP Developers

David Otton's Blog: php://memory, Unit Tests

Sameer's Blog: Creating a Figlet text in php

Eran Galperin's Blog: OO PHP Templating

Johannes Schluter's Blog: SQL completion in PHP strings

Smashing Magazine: 10 Advanced PHP Tips to Improve Your Programming

Ed Finkler's Blog:
The PHP App Insecurity Top 20

by Chris Cornutt April 19, 2007 @ 07:01:02

In a new post today, Ed Finkler shares some interesting stats he's generated based on some NIST NVD data and graphed out. It shows PHP as being in the top 20 list for more insecure applications.

What follows is a breakdown of the 20 PHP-based applications that had the highest aggregate vulnerability scores (NIST assigns a score from 1-10 for the severity of each entry), and the highest total number of vulnerabilities, over the past 12 months. Of the two, I feel that the aggregate score is a better indicator of security issues.

The Excel charts show the total NVD score and the total number of NVD entries for several popular PHP applications (like phpBB, phpMyAdmin, TikiWiki, and Joomla). He also notes that there are some other extenuating circumstances surrounding these numbers (not a level line) and that the trend seems to be more on the side of issues with forums than any other type of PHP application.

0 comments voice your opinion now!
insecure application top20 forum issue reported score entries graph insecure application top20 forum issue reported score entries graph

Similar Posts

Chris Shiflett's Blog: OWASP Spring of Code 2007

International PHP Magazine: December 2006 Issue Released

International PHP Magazine: August 2006 Issue Released

Nexen.net: PHP statistics for June 2007

Job Posting: Ning Seeks Web Application Performance Engineer (Palo Alto, CA)

Community Events

Don't see your event here?
Let us know!

All content copyright, 2008 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework