New Consortium Aims to Set PHP Security Standards

NEW YORK — A group of international PHP experts, including one of the founders of PHP enterprise platform developer Zend Technologies, have banded together and formed a new conglomerate aimed at promoting secure programming practices.

The newly formed PHP Security Consortium, created in response to the recent Santy worm outbreak that besieged phpBB bulletin boards across the Internet, intends to publish a variety of articles focused on security proofing PHP code and also audit commonly used PHP-coded applications

“PHP application security is a topic of growing important,” said Andi Gutmans, a charter member of PHPSC and one of the co-founders of Zend, a company that specializes in offering enterprise-ready PHP solutions.

“The launch of the PHP Security Consortium is a landmark even for the PHP community, and because most web development technologies face similar security concerns, we believe that developers using other solutions can also benefit from our efforts,” Gutmana said.

The group’s creation was spurred by a bevy of recent high-profile security flaws found in third-party applications, which the group says has hurt the credibility of PHP and the growing PHP scripting community.

Commonly used for allowing web pages to interact with MySQL databases, the 10-year-old open-source scripting language has experienced explosive growth recently, with companies like Yahoo, Lycos, Disney and Deutsche Lufthansa adopting its use for everything from simple web access to complex electronic ticketing systems.

“As PHP has transitioned from personal project to enterprise application development, the need to educate the community about secure programming practices has risen,” said PHPSC founder Chris Shiflett.

Shiflett, who is also the creator of PHPCommunity.org and sits on the Zend PHP Advisory Board, said that one of the biggest problems for the PHP community is the perception that the language is unsuitable for secure web use.

“There’s this odd tendency in the PHP community to call everything PHP, even if it’s just a third-party application written in PHP,” Shiflett said. “We saw this happen with the phpBB issue, even though it had nothing to do with a security problem in PHP.”

According to Shiflett, the new group will also be involved in experimental research in order to develop standards of best practice for PHP application development in addition to publishing documentation and tools to help prospective PHP programmers.

“Because PHP has a very low barrier to entry, a lot of inexperienced developers are using it for their solutions,” Shiflett told eWeek. “They don’t tend to understand Web application security and they’re creating application with serious vulnerabilities.

“There is this urgent need to educate these developers and provide them with resources to get up to speed,” Shiflett said.

Copyright © 2026 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

Peter Hooke Launches New Paysite

Peter Hooke has launched an official website through PAYSITE.

Pineapple Support Names Ny Ny Lew as Brand Ambassador

Pineapple Support has named Ny Ny Lew as its newest brand ambassador.

Federal AV Proposal Passes House, Faces Senate Opposition

The U.S. House of Representatives on Monday passed the Kids Internet and Digital Safety (KIDS) Act, which includes provisions to make age verification by adult websites federal law, but the bill still faces tough going in the Senate.

Devin Drills Launches New Paysite

Creator Devin Drills has launched an official website through PAYSITE.

AV Bulletin: Midyear Roundup

Since the U.S. Supreme Court’s decision in Free Speech Coalition v. Paxton, more state age verification laws have been enacted around the United States, as well as proposed at the federal level and in other countries. Meanwhile, lawsuits resulting from AV laws have begun to play out in the courts. This roundup provides an update on the latest news and developments on the age verification front as it impacts the adult industry.

Judge Dismisses Last NCOSE-Backed Suit Over Kansas AV Law

A federal judge on Monday dismissed a lawsuit alleging that adult site SuperPorn violated Kansas’ age verification law, citing lack of jurisdiction after similarly dismissing two related cases earlier this year.

ASACP Updates 'Restricted to Adults' Labeling Resource Page

The Association of Sites Advocating Child Protection (ASACP) has updated its Restricted to Adults (RTA) labeling resource page.

Federal AV Proposal Scores Minor Win in House but Remains in Doubt

A newly announced bipartisan agreement in the U.S. House of Representatives Committee on Energy and Commerce may soon bring a proposed federal age verification law before the full House, but the measure continues to face an uphill battle.

Arizona Governor Vetoes 'Protect Act' With New Consent Provisions

Arizona Governor Kate Hobbs on Friday vetoed HB 2133, the “Protect Act,” which would have imposed new requirements for adult content uploaded online.

Brazil Begins Monitoring 18 Adult Sites for AV Compliance

Brazil’s National Data Protection Authority (ANPD) is now monitoring 18 high-traffic adult websites for compliance with the country’s Digital Statute for Children and Adolescents (Digital ECA), which requires such sites to age-verify users located in Brazil.

Show More