php, security, drupal, e-commerce, lamp

E-commerce security checklist


I work with LAMP-based web sites, particularly Drupal, and was wondering if anyone knew of a good security checklist to help audit new and existing commerce sites for security vulnerabilities?

Cheers.


Solution

  • The best resource for web application security is undoubtedly the OWASP Top 10. OWASP is a not-for-profit, technology-agnostic organisation dedicated to improving web application security. They produce a document titled "The ten most critical web application security risks" which is very easily consumable and should cover each of the angles you need to understand for an e-commerce app.

    I suggest reading through each of the Top 10 carefully (the PDF version is very handy - 1 risk per page), understanding the risk and the impact and then ensuring you know how to mitigate this appropriately in PHP. Good luck!