PhpSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.
* It is not a replacement for secure coding practices
* It does not audit PHP code
* It is not a comprehensive test for either your hosting environment or your web application
* It is not the “final word.” PhpSecInfo identifies *potential* problems and offers suggestions for improvement.
Installing and using PhpSecInfo:
Download PhpSecInfo from here, then uncompress the archive and upload its contents to your web server’s document root.
Open a browser and view the index.php file where you’ve uploaded the files (probably something like http://www.yourdomain.com/phpsecinfo/index.php) and you should see something similar to …
If you get any warnings or notices, read the explanation of each result carefully. Research the issue online; resources like the official php.net docs and the PHP Security Guide are very useful. Investigate why your environment is set up that way. If there’s no compelling reason to keep it as-is, you should probably try to rectify it and run the PhpSecInfo tests again.
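
To spot-check a few settings yourself after changing php.ini, a short script along these lines can help. It is an added example, not PhpSecInfo's own code; the directive list, the expected values and the function names `ini_flag` and `audit` are assumptions chosen for illustration.

```php
<?php
// Added illustration, not PhpSecInfo's code. The directive list and expected
// values are assumptions picked for this example.

// Directives expected to be disabled on a production host, with the reason.
$expectOff = array(
    'display_errors'    => 'error text can reveal paths and queries to visitors',
    'expose_php'        => 'adds the PHP version to response headers',
    'allow_url_include' => 'lets include/require load code from a URL',
    'allow_url_fopen'   => 'lets file functions open remote URLs',
);

// Interpret a php.ini flag: true = enabled, false = disabled, null = not present.
function ini_flag($name)
{
    $raw = ini_get($name);
    if ($raw === false) {
        return null;
    }
    // display_errors may hold "stdout"/"stderr", so test for "off" values instead.
    $off = array('', '0', 'off', 'no', 'false', 'none');
    return !in_array(strtolower(trim($raw)), $off, true);
}

// Build one result row per directive: name, status, explanation.
function audit(array $expectOff)
{
    $rows = array();
    foreach ($expectOff as $name => $why) {
        $flag = ini_flag($name);
        if ($flag === null) {
            $rows[] = array($name, 'n/a', 'directive not available in this build');
        } elseif ($flag) {
            $rows[] = array($name, 'WARN', $why);
        } else {
            $rows[] = array($name, 'ok', '');
        }
    }
    return $rows;
}

// Report which configuration was actually inspected: web and CLI often differ.
$ini = php_ini_loaded_file();
printf("SAPI: %s, php.ini: %s\n", php_sapi_name(), $ini ? $ini : '(none loaded)');
foreach (audit($expectOff) as $row) {
    printf("%-18s %-5s %s\n", $row[0], $row[1], $row[2]);
}
```

Request the script through the web server rather than running it with the `php` command line binary, since the CLI often loads a different php.ini and would report values your site does not use.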