Security is one of my particular personal interests, so I hope you will forgive me for providing a longer list of sources here!
First off the bat, read Bruce Schneier's book "Beyond Fear". It is not technical, so you need not worry whether your knowledge is up to scratch, and it is quite hard to put down because of his fast-paced and interesting writing style. If you want a general introduction to the field of security, this is for you.
For cryptography, Schneier has another great book in print, called Practical Cryptography. This book is technical, and elaborates on much of the crypto information presented in this chapter. Schneier has done a lot of work in the field of cryptography, and his works are pretty much canon.
If you are interested in Unix security, O'Reilly publish a great book by Simson Garfinkel et al called "Practical Unix and Internet Security". It is quite long and certainly not an exciting read in places, but it fulfils its goal of being a comprehensive guide to security for Unix sys admins.
Convicted hacker Kevin Mitnick has an excellent social discussion of hacking in print called "The Art of Deception". Mitnick is reformed now and works as a white hat (good guy) in the security field, and he approaches the topic of social engineering (convincing people to trust you as a way of hacking systems) in an original and enlightening way. A great read.
Finally, consider reading the "Secure Programming Cookbook", by John Viega et al. The book is focused on C and C++, but the topics presented are applicable in most programming languages, including PHP. Due to the C++ focus, you may find it more economical to loan this book from your library and read the hundred or so pages that are language agnostic and save yourself the cash.
Copyright ©2015 Paul Hudson. Follow me: @twostraws.