Software validation is a huge area, there is no one definite answer to your question. Moreover, software validation engineer is usually a special position requiring much more knowledge than development and many skills (like for example "debugging specification" that is really very non-trivial) that are now common in developer community.
Second, software validation (and code validation as an essential part of it) is not testing. There is a famous quote by Dijkstra:
Testing shows the presence, not the absence of bugs
So, this is the main difference from software validation (i.e. stating that your software is valid, contains no errors) and testing (for potential errors or bugs).
If we reduce your question to "how to properly validate a PHP-based web application?" I can give the following answer:
Taint analysis.
There are some neat tools(1,2) to perform taint analysis on PHP. This is a static analysis (that means it is done without, running your code) that identifies possible sinks (leaks) of confidential information.
I have used some of these tools (Pixy) in my own practice and found out that they, as all other tools in static analysis, seem to overestimate the potential danger. Nonetheless, they can help you to identify some security problems you might not be aware. This is especially important for web applications dealing with some sensitive data.
This won't exclude all possible vulnerabilities, like XSS, but will cover many common ones, like PHP code and SQL injections etc.
Conformity validation.
This step you already did by having run JSLint and CSS/HTML validators against your complete website.
Load tests.
If availability of your web application is an issue (or even a part of your SLA) then I would also perform some load tests. Those can be generated by some IDEs, like Visual Studio, or you can also use the open-source JMeter framework for this purposes.