Two questions and a suggestion

Question 1.  Is there a good web site for keeping up with web programming security issues.  Most of my security knowledge has been picked up in bits and pieces.  I have not stumbled across a good repository that keeps up with new treats, defenses, and other security related thinking.

Question 2.  Is there a good repository of PHP best practices, the sort of thing that books by Scott Meyers and Herb Sutter provide for C++.  Of course, C++ is such an awful language that it needs these needs these repositories more than than most.  Still, such a repository is useful for any programming language.  Skinflint that I am, I would prefer a free web site to a book, but I would be okay with a book too.

Suggestion.  After reading thread http://www.yiiframew…61.msg8298.html, as well as some RBAC threads, I though it might be a good idea to break out a separate forum section/board/whatchamcallit for security.  (I hope it is clear what a “section/board/whatchamcallit” is.  There are ones for, eg., “Annoucements”, “General Discussion”, and “Installation and Setup”.)  Security is a large topic that–perhaps more than other topics sicussed in these fora–mixes Yii issues, more generic PHP issues, and even more generic web programming issues.  Among more other reasons for this, a separate section/board/whatchamcallit would help make visible a concern for security that programmers looking for a framework will like.  Indeed, Daniel Carrera’s Cake/CI/Yii review, and especially its security section gave me a significant push Yii-ward.

Security alone, or security and SEO? Security "adjustments" can have an impact on SE results.

I too would like to see a section on security, with SEO. There are organised syndicates of highly specialised hackers ready to break into and disrupt sites, especially in Russia. I read an unpublished security brief about this recently. Most, if not all, Yii's competitors suffer security issues. It is one of the major reasons I have moved to Yii. Now Yii, with it's fresh OO approach, seems to have a lead of sorts, it would be good to have a place to develop debate and feedback upon this important subject and how misunderstanding it can cause lower than expected SE profile.

Thank you for your suggestion. Yes, security is always our top priority. We will add a new forum section if we see many security-related posts popping up.