New Consortium Aims to Set PHP Security Standards

NEW YORK — A group of international PHP experts, including one of the founders of PHP enterprise platform developer Zend Technologies, have banded together and formed a new conglomerate aimed at promoting secure programming practices.

The newly formed PHP Security Consortium, created in response to the recent Santy worm outbreak that besieged phpBB bulletin boards across the Internet, intends to publish a variety of articles focused on security proofing PHP code and also audit commonly used PHP-coded applications

“PHP application security is a topic of growing important,” said Andi Gutmans, a charter member of PHPSC and one of the co-founders of Zend, a company that specializes in offering enterprise-ready PHP solutions.

“The launch of the PHP Security Consortium is a landmark even for the PHP community, and because most web development technologies face similar security concerns, we believe that developers using other solutions can also benefit from our efforts,” Gutmana said.

The group’s creation was spurred by a bevy of recent high-profile security flaws found in third-party applications, which the group says has hurt the credibility of PHP and the growing PHP scripting community.

Commonly used for allowing web pages to interact with MySQL databases, the 10-year-old open-source scripting language has experienced explosive growth recently, with companies like Yahoo, Lycos, Disney and Deutsche Lufthansa adopting its use for everything from simple web access to complex electronic ticketing systems.

“As PHP has transitioned from personal project to enterprise application development, the need to educate the community about secure programming practices has risen,” said PHPSC founder Chris Shiflett.

Shiflett, who is also the creator of PHPCommunity.org and sits on the Zend PHP Advisory Board, said that one of the biggest problems for the PHP community is the perception that the language is unsuitable for secure web use.

“There’s this odd tendency in the PHP community to call everything PHP, even if it’s just a third-party application written in PHP,” Shiflett said. “We saw this happen with the phpBB issue, even though it had nothing to do with a security problem in PHP.”

According to Shiflett, the new group will also be involved in experimental research in order to develop standards of best practice for PHP application development in addition to publishing documentation and tools to help prospective PHP programmers.

“Because PHP has a very low barrier to entry, a lot of inexperienced developers are using it for their solutions,” Shiflett told eWeek. “They don’t tend to understand Web application security and they’re creating application with serious vulnerabilities.

“There is this urgent need to educate these developers and provide them with resources to get up to speed,” Shiflett said.

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

FSC Unpacks SCOTUS Age Verification Ruling in Webinar

The Free Speech Coalition conducted a public webinar Tuesday to help adult industry stakeholders understand the Supreme Court’s recent decision in FSC v. Paxton, and its potential implications.

UK Lawmaker Calls for Appointment of 'Porn Minister'

Baroness Gabrielle Bertin, the Conservative member of Parliament who recently convened a new anti-pornography task force, is calling for the appointment of a “minister for porn,” according to British news outlet The Guardian.

FSC Toasts Jeffrey Douglas for 30 Years of Service

n the very same evening when the adult industry was hit hard by the Supreme Court ruling supporting Texas’ controversial age verification law, HB 1181, members of the Free Speech Coalition board, staff and supporters gathered to celebrate Jeffrey Douglas’ 30 years as board chair — a fitting reflection of his reputation as an eternal optimist.

TTS Opens UK Testing Location

Talent Testing Service (TTS) has opened a new U.K. location in Ware, Hertfordshire.

FSC: Age-Verification Laws Go Into Effect South Dakota, Georgia, Wyoming on July 1

The Free Speech Coalition (FSC) has published a statement regarding new age verification laws set to go into effect tomorrow in South Dakota, Georgia, and Wyoming.

FSC Responds to Supreme Court Decision on Texas AV Law

The Free Speech Coalition (FSC) has released a statement responding to last week's Supreme Court decision on FSC v. Paxton, the Texas age verification law.

Sex Work CEO Debuts Upgraded 'GPTease' AI Assistant

Sex Work CEO has introduced the new Canvas in-chat editing feature to its AI-powered, NSFW text generator, GPTease.

UPDATED: Supreme Court Rules Against Adult Industry in Pivotal Texas AV Case

The U.S. Supreme Court on Friday issued its decision in Free Speech Coalition v. Paxton, striking a blow against the online adult industry by ruling in support of Texas’ controversial age verification law, HB 1181.

North Carolina Passes Extreme Bill Targeting Adult Sites

The North Carolina state legislature this week ratified a bill that would impose new regulations that industry observers have warned could push adult websites and platforms to ban most adult creators and content.

Supreme Court Ruling Due Friday in FSC v. Paxton AV Case

The U.S. Supreme Court will rule on Friday in Free Speech Coalition v. Paxton, the adult industry trade association's challenge to Texas’ controversial age verification law, HB 1181.

Show More