ApacheCon EU was a nice conference - I gave talks on PHP security and testing PHP with Apache-Test. The testing talk went well, but having Geoff there would have made it much better. I modified the talk heavily in order to make it more pragmatic - I focused on how to use the framework more than how it works.
The PHP community really needs a good resource on testing PHP that covers fundamental ideologies and methodologies but also specific tools such as Apache-Test, PHPUnit, SimpleTest, .phpt, etc. Some of the best available information (specific to PHP) is what Marcus Baker has written in various places. With more of this sort of thing, I think testing could catch on, and this would benefit us all.
While at the conference, Zak showed me a cool DNS trick that I immediately recognized as an opportunity for a new type of web attack. I haven't seen this discussed anywhere, and as soon as I can discover a way to protect against it, I'll publish more information.