There are some good automated security scanners out there. For instance: Nesses/Nikto, WebScarab with proxmon, portswigger, and you can even go as far as using 3rd party companies such as HackerSafe.com or SecurityMetrics.com. Even though this doesn't give you a 100% fail-safe security scenario (*cough* nothing does and probably never will), it at least helps decrease the chances of common and even some more uncommon attacks such as SQL injections, overflows, man-in-the-middle attacks, etc. You also obviously have to write secure code and keep all of your software up to date (especially open source software). This is not only true for PHP, but for all programming languages. You should also try using BSD since you have a LAMP system. Some other good sources of information: http://www.webappsec.org/ http://www.owasp.org/ Hope this helps...

Web development is a nice and diverse field to get in to. The direction web development is heading should provide good job security... you will just need to learn how to use javascript/ajax, some server side language, SQL, and HTML/CSS. By having to handle multiple technologies in web development, your job doesn't seem as monotonous as going through some C# code all day fixing bugs or writing modules. You can also dive in to doing some graphics/ui design in the web development field if you're in to that sort of thing. I have a B.S. in computer science degree at Purdue University and I enjoy web development much more than working on desktop/other standalone applications all of the time.