Backend conventions I follow: thin controllers with business logic in services; FormType for input validation and Voters for authorization; Doctrine migrations always, never manual schema drift; API Platform for REST where it fits, and custom controllers plus serializer where it doesn't; JWT (Lexik) or session auth, your choice; and PHPUnit unit and integration tests with fixtures.