I'm a noob when it comes to OWASP and I don't know PHP, yet I have a phpBB-driven forum, go figure.
If you find a vulnerability you are advised to report it in a PM to an Admin/Mod. But I think by in large it's server/hosting related. For me I use layers. The chief layer is CloudFlare and that's probably why one would get an immediate 403.
Read my Sig...
73s and my 10-20 is via RLG, fly heading 053, intercept 315 DVV and look for the orange glow of a SAM.
I'm also into radio communications and aviation, etc. Read my Bio.