What is it?
PhpSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.
PhpSecInfo is released under the “New BSD” license. View the LICENSE file for more details
We encourage interested PHP developers to:
- propose new tests
- write tests
- write documentation
- ask questions
- offer suggestions and feedback
In the near future we’ll sort out bug reporting tools and hopefully public SVN access. We do have a mailing list set up for public discussion at:
Development of PhpSecInfo is being sponsored in part by CERIAS at Purdue University.