Learning PHP security and framework concepts

Question

I am a Computer Science student. I know there is a saying "don't reinvent the wheel" however I feel that the best way to truly learn things is to write things from scratch. However then when the idea is understood, start using well established tools in the industry.

So far my PHP web applications are relative simple from PHP view point so I am trying to learn new frontiers such as security and framework concepts. I read this PHP security book for beginners. What would be other suggestions on going about learning more advanced security approaches in the industry? Also what would be the recommendations on learning more advanced PHP features and how to properly implement them such as URL rewrites (the processing of the rewrite since Apache takes care of the actual rewrites), and whatever else topics are a must learn for a PHP developer (or web developer - PHP, Python, Ruby, etc)?

Answer 1

Essential PHP Security is indeed an excellent resource. I would also recommend OWASP as well as Pro PHP Security. If you take the approach that everything is suspect, you will code more securely.

As for mod_rewrite, there are plenty of tutorials on the net and for best coding practices check out some of the tutorials and articles on Smashing Magazine.

Answer 2

You should consult (besides the books) some of the blogs and online resources, like the Chris Shiflett's Blog, which is an outstanding resource and home of most of the more important articles on security.

Another important advice I took from a book I've read

Inmature artist imitate, mature artists steal

If you want to do some good stuff, go ahead and disect the common and known CMS in PHP, like Joomla(Personal Favourite), Kohana, Wordpress and CodeIgniter. Disecting those systems and snooping around to see their entrails is the best way to learn.

Hope I can help!