Hackers are focusing on vulnerabilities in the PHP web application development platform threatening most websites, warns the latest hacker intelligence report from security firm Imperva.

This practice is in line with the well-established trend of hackers aiming at commonly used third-party components to get the best return on investment.

PHP is an alternative to Microsoft's Active Server Page (ASP) technology and is used mainly on Linux web servers.

“Because compromised hosts can be used as botnet slaves to attack other servers, exploits against PHP applications can affect the general security and health of the entire web,” said Amichai Shulman, CTO at Imperva.

“The effects of these attacks can be great as the PHP platform is by far the most popular web application development platform, powering more than 80% of all websites, including Facebook and Wikipedia. Clearly, it is time for the security community to devote more attention to this issue.”

Return on investment According to the report, hackers are increasingly capable of packaging higher levels of sophistication into simpler scripts. PHP SuperGlobals are a prime target that yields a high return on investment. PHP SuperGlobals are several predefined variables in PHP available in all scopes throughout a script. The PHP SuperGlobal parameters are gaining popularity in the hacking community because they incorporate multiple security problems into an advanced web threat. This can be used to break application logic, compromise servers and result in fraudulent transactions and data theft, researchers said. Read more about web application security Using free Web application security scanning tools to secure Web apps

An introduction to Web application threat modeling

Web application testing: Three lessons

Why securing internal applications is as important as Web-facing apps

Slideshow: Five common Web application vulnerabilities and mitigations

Web-based application testing versus desktop application testing

Five common Web application vulnerabilities and how to avoid them They note that PHP applications do not protect against the modification of variables from external sources, such as query parameters or cookies. According to the report, the researchers have seen attackers abusing SuperGlobal variables for the purpose of remote code execution, remote file inclusion and security filter evasions attacks. In one month, Imperva’s research team noted an average of 144 attacks per sample application that contained attack vectors related to SuperGlobal parameters. These attacks appeared in the form of request burst floods, with peaks of between 20 and 90 hits per minute on an application, with some attacks lasting more than five months. Researchers said SuperGlobal variable manipulation is becoming popular and that some of the biggest vulnerability scanners are specifically looking for this vulnerable vector. Researchers found a vulnerability in the popular PhpMyAdmin (PMA) utility used to manage MySQL databases in PHP environments.