Tuesday, July 11. 2006
Recently the existence of the OWASP PHP Top 5 List was announced in several places. After I read it I was shocked by its content and immediately asked OWASP who is responsible for it, and told them that I am shocked by its content (especially the blatant advertisement in it).
The reply I got was very unprofessional and contained multiple indignities. In my answer I disproved several of the accusations and told them that after their mail I cannot take them seriously anymore and that I am not interested in helping them anymore. They continued by writing dirty blog entries about me...
However, as usual it is my duty to protect the PHP community from getting harmed by their self-proclaimed teachers. I am not going to dissect the OWASP article line by line, although it needs a complete rewrite. I am simply not willing to waste my time. I will just present the most dangerous problem in the article. It should be enough to convince people that the article should be avoided. For the audience it is maybe interesting that the article was, according to its author, reviewed by Amit Klein, Chris Shiflett, Laura Thomson and other security specialists from SANS.
It is up to my audience to decide what they think about these people after reading the rest of this blog entry...