PhpSecInfo: PHP security information tool

Allowing access to any type of scripting on your web server opens the door for security problems. You never know when an attacker might randomly (or purposely) select your server as a target. Any running scripts have the potential for exploitation. PHP is no exception, and taking steps to secure PHP goes a long way in preventing an attack.

PhpSecInfo is one of the steps you can take. It is a small information tool that reports security information about PHP and offers suggestions on how to improve them. It is probably best described as a low level security tool that can be useful in helping identify problems before moving up to higher security auditing.

PhpSecInfo does not examine your PHP code to see if you have any possible security holes. Thus, it states clearly on its website that it is not a replacement for secure coding practices. What it can do is give you information about the PHP environment itself and how it is setup on your server. It is very easy to install, as it is itself a PHP script. Just uncompress it in a document directory on your server and open the URL pointing to it in a browser. PhpSecInfo is available for download from the PHP Security Consortium website and is free software released under the New BSD License.

Source and Photo: PHP Security Consortium