
Taha Shashtari:
A Gentle Introduction to Testing in PHP
Feb 02, 2016 @ 16:11:20

If you're not already doing testing (like unit testing) in your PHP-based applications but want to start, this new post on Taha Shashtari's site might just be for you. It provides a "gentle introduction" to unit testing, what it is and some of the tools you can use to get started.

Learning testing can be very overwhelming especially if you're just starting out. [...] You might have read a bunch of PHPUnit tutorials and maybe you tried to apply some of what you've learned in your projects, but it doesn't always feel right. And sometimes you get into situations where you have no clue how to test some feature in your application.

If anything of this happened to you, don't feel bad, we all have had this experience. And it's almost because of the way we learn it.

He starts by talking about some of the main goals of testing in your application and the difference between manual and automatic testing. He then gets into each of the three main testing types and follows it with links (and summaries) to tools you can use to get started testing. He ends the post with a brief look at test-driven development and, setting the stage for the next tutorial in the series, looks at the path ahead.

tagged: tdd definition basic introduction gentle testing unittest phpunit tools summary

Link: http://taha-sh.com/blog/a-gentle-introduction-to-testing-in-php

Paragon Initiative:
A Gentle Introduction to Application Security
Aug 17, 2015 @ 15:51:56

The Paragon Initiative blog has posted a gentle introduction to application security for those new to some of the ideas of secure code and wanting to learn more.

If you are a web developer (or are thinking about teaching yourself web programming), you probably don't think of yourself as a security engineer, or a white-hat/blue-team member of an information security assurance team. You might have considered security threats in the context of quality assurance before (e.g. validating input), but perhaps you're no expert on the subject. But the second your code is deployed in production, your code is the front line of defense for that entire system and quite possibly the entire network. Logically, that means the software you produce must be made reasonably secure.

[...] This might seem like a lot of pressure. [...] I'm not going to say you need to become an application security expert. That very notion betrays the (largely untapped) potential for rich diversity in the technology communities. But I will say this: Application Security is Every Developer's Responsibility

They remind developers that there are a lot more than just 10 types of vulnerabilities (or even 25) and propose a new model for thinking about security weaknesses in your applications. They outline five points for assessing the security of your apps, not just common vulnerabilities to fix:

  • Failure to Separate Data from Instructions
  • Unsound Application Logic
  • Your Application's Operating Environment
  • Cryptographic Weaknesses

The fifth is a catch-all "miscellaneous" category that would contain things that either cross the boundaries of the other categories or are each in a category of their own. They suggest that, to move on to a "more secure tomorrow", we evaluate our applications along these criteria.

tagged: gentle introduction security application paragon initiative taxonomy

Link: https://paragonie.com/blog/2015/08/gentle-introduction-application-security

Symfony Blog:
New symfony book: "A Gentle Introduction to symfony 1.4"
May 26, 2010 @ 19:13:21

On the Symfony blog there's a recent post about a new book from the Sensio Labs group looking to help you ease into using Symfony - A Gentle Introduction to symfony 1.4.

People keep asking me about when we will publish the "definitive guide" book for symfony 1.4. We already have quite an extension documentation on symfony, but the definitive guide has a different way to teach you symfony that is best suited for some people. So, in the last few months, I have updated it to match the current version of symfony.

This new book includes a few things that some of the others don't, like some time spent describing the philosophy of the framework and chapters for each feature of the framework (so that finding the documentation you're looking for is easier). You can get the book in print from Amazon or you can read it online for free.

tagged: book release symfony gentle introduction

Link:

