PhpSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.
* It is not a replacement for secure coding practices
* It does not audit PHP code
* It is not a comprehensive test for either your hosting environment or your web application
* It is not the "final word." PhpSecInfo identifies *potential* problems and offers suggestions for improvement.
source:http://linuxpoison.blogspot.com/2011/02/13578167753814.html