The idea behind PHPSecInfo is to provide an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement.

It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.



This screenshot illustrates how PHPSecInfo identifies the security misconfiguration and the fix suggestions.

You can download this tool here