John Lim at PHP Everywhere - Web Application Security Reviews:
"As we continue to develop what I like to think is Enterprise PHP software, one of the most painful parts of the software installation is when we have to go through security audits. The most sticky and difficult ones that i have seen are the audits of financial institutions.
After a while, the requirements are pretty similar, but to pass our first audit wasn't easy. Here's a sampling of what is required."