Question 1. Is there a good web site for keeping up with web programming security issues? Most of my security knowledge has been picked up in bits and pieces. I have not stumbled across a good repository that keeps up with new threats, defenses, and other security-related thinking.
Question 2. Is there a good repository of PHP best practices, the sort of thing that books by Scott Meyers and Herb Sutter provide for C++? Of course, C++ is such an awful language that it needs these repositories more than most. Still, such a repository is useful for any programming language. Skinflint that I am, I would prefer a free web site to a book, but I would be okay with a book too.
Suggestion. After reading thread http://www.yiiframew…61.msg8298.html, as well as some RBAC threads, I thought it might be a good idea to break out a separate forum section/board/whatchamacallit for security. (I hope it is clear what a “section/board/whatchamacallit” is. There are ones for, e.g., “Announcements”, “General Discussion”, and “Installation and Setup”.) Security is a large topic that–perhaps more than other topics discussed in these fora–mixes Yii issues, more generic PHP issues, and even more generic web programming issues. Among other reasons for this, a separate section/board/whatchamacallit would help make visible a concern for security that programmers looking for a framework will like. Indeed, Daniel Carrera’s Cake/CI/Yii review, and especially its security section, gave me a significant push Yii-ward.