Why Your Web Apps are Sitting Ducks
The Honeynet Project, which provides real systems for unwitting attackers to interact with, says Web applications remain vulnerable for host of reasons. These include poor-quality code, the fact that attacks can be performed using PHP and shell scripts (which is generally easier than using buffer-overflow exploits), and the emergence of search engines as hacking tools.
The link for this article located at ComputerWorld is no longer available.