This is the first in a series of newsletters, where we talk with Linux experts who will be speaking at the LinuxWorld Conference and Expo, which runs Aug. 14-17 at the Moscone Convention Center in San Francisco. PHP, PERL and other languages are useful and easy to learn tools that can be used to build some pretty functional Web-based applications. They can also be the bane of a system administrator's existence, especially when slapped together and used to publish Web apps accessible to the outside world.

"Due to the ease that some languages allow people to write Web applications people are throwing Web applications up left and right without any kind of security review," says David Cafaro, a systems analyst for the Advanced Research Computing group at Georgetown University. An example could be something as simple as a Web form on an apps server. If the code is poorly written, or is running on a vulnerable machine, this could allow someone to gain access as an Apache user, Cafaro says. If the Apache server isn't updated, or if an unknown vulnerability exists in the software for example, this could possibly allow someone to get root access to a machine. "People just have to pay attention to what they're putting up there and realize that it's for the world to see, and for the world to toy with," Cafaro says.