No matter what PHP project you start, you should always code with security in mind. There alre lots of PHP security tips out there  but here is your first  Top 10 PHP Web Application Security Rules you should never break.

In Q3 of 2007, Xcerion intends to release a new, free operating system that has the potential to fundamentally alter the economics of software development.
Meet XIOS.
If successful, it may be able to alter the power Microsoft draws from control of the desktop, to beat Google at its software-as-a-service play, and to make commodity Linux boxes more doable alternatives as a computing platform for the masses.

Drive-By Pharming Attacks could be the next BIG internet threat mainly because they can carry out the malicious exploit and still get undetected . Fortunately, you can prevent it easily.

Drive-By Pharming permits attackers to create a Web page that, simply when viewed, results in critical configuration changes to your home broadband router or wireless access point. As a result, attackers gain complete control over the ways by which you surf the Web, allowing them to direct you to sites they designed.

MySpace.com begun to display some seriously odd performance on Wednesday evening PST, which was certainly caused by a hack. A Mashable reader grabbed some screenshots, which show Tom’s message on the user homepage being replaced by a “Verify Your Email Address” message with Japanese text, apparently from Ozzie (Ozzie is like Tom for MySpace Japan - very unusual to see on the US site).

The "Q406 Roll-up" is a security pain because the exploits are heavily encrypted, say experts.A multi-exploit tool was accountable for nearly three-fourths of all Web-based attacks during December, a security company said Tuesday.

There are reports of a major problem concerning Adobe Acrobat files and Cross Site Scripting (XSS). A flaw was revealed in the way that the Adobe Reader browser plugin can be made to execute JavaScript code on the client side.This development is significant for a number of reasons:

Websense, Inc., a global leader in Web security and Web filtering software, released the results of its first European study of online Christmas shopping behaviour. The analysis found that whilst 75% of online Christmas shoppers were not totally certain about being able to identify a secure Website, only one in four considered keeping their credit card and online banking information safe and secure as their greatest concern.

AttackAPI provides simple and intuitive web programmable interface for composing attack vectors with JavaScript and other client and server related technologies. This is the 2.x branch which among other improvements introduces better interaction with the attack subroutines.

Please join us this week for an informative FREE SANS Webcast that you won't want to miss!

You can now download or subscribe to the SANS webcast calendar at:
http://www.sans.org/webcasts/calendar.ics

The Department of Veterans Affairs has awarded information technology solutions provider Merlin International and Watchfire, a provider of Web application vulnerability software, a multimillion-dollar award to build and maintain a Web application security system that will reduce security breach risks at the VA.