Not a bad article on Zend on Secure Programming in PHP. Deals with some very commonly overlooked vulnerabilities. The best I’ve seen, though, is still A Study in Scarlet: Exploiting Common Vulnerabilities in PHP Applications.