AppDynamics PHP blog has posted the second part of their series looking at some of the basics of PHP security. In part one they talked about some of the most common attacks and how to remediate them. In this latest part they "dive deeper" and get into some of the more advanced issues.
Truth be told, there are potentially an infinite number of ways in which a software product can be compromised and have its security breached. [...] New security flaws are regularly found, and routine patches are immediately released for most of the major software applications you utilize in your application stack. No matter whether your web or database server, your operating system, your PHP runtime, or even the MVC framework that your time adopted, your point(s) of exposure may exist anywhere within the various components that make up your application ecosystem.
They start with a few more advanced best practices including using SSL and keeping error messages away from the public eye. They briefly discuss other kinds of injection types (besides just SQL) and offer some tips about securing the data that lives in the application as well.