Attacks are directed toward "Security Vulnerabilities" that exist in your network or site infrastructure. A vulnerability is not so much an issue, unless it is attacked. Security Vulnerabilities escalate to Security Exploits once attacked successfully. Once exploited, your website or network may become compromised in one form or another.
Discovering Security Vulnerabilities in your eCommerce web site prior to being attacked is a key strategy for a Security Consultant. Once found, each vulnerability should be assessed for type, severity, difficulty of exploit, and the source of the security vulnerability. If introduced by your PHP Web Site Programmer, similar vulnerabilities may exist elsewhere in your web site. Some may be introduced by box packages, which is even worse, because any hacker can get a copy of your boxed software and evaluate all your security flaws, perfecting their attacks Offline.