No, this research paper will not tell you which language is better or which language you should choose when building your next award winning application. However, this study will give you a decent understanding of the security implications in your choice of Java or PHP for creating web applications. In particular, this study analyzes various open source web applications written in both Java and PHP over a two year period and compares the results.
Sorry, no spoilers. If you’re curious who came out ahead you’ll have to read the research paper here: ESSOS 2010 Final Submission
So, now that I’m sure you have read (in length) the paper about Java vs. PHP, you should be ready to talk about plugins. And when I mean plugins, I am talking about web application plugins and what they bring to the security game. The whole theory here is that plugins for web applications are analogous to drivers for operating systems in how they impact security (ie. plugins expose weaknesses in the containing application).
Once again, you’ll have to read the paper if you want to know the results. You can find the paper here: MetriSec Final Submission