Since the PHPSecInfo is no longer updated, there is a similar tool which is recent, updated and could provides you with common security best practices for your PHP installations. Written by Chris Cornutt of PHPDeveloper.org website, INISCAN is a command line tool designed to scan the given php.ini file for common security practices and report back results.
A Sample scan of your PHP.ini could be done using :
$iniscan scan --path=/path/to/php.ini
Results for /path/to/php.ini:
============
Status | Severity | PHP Version | Key | Description
----------------------------------------------------------------------
PASS | ERROR | | session.use_cookies | Accepts cookies to manage sessions
PASS | ERROR | 4.3.0 | session.use_only_cookies | Must use cookies to manage sessions, don't accept session-ids in a link
1 passing
2 failure(s)
The tool display failures in red and yellow depending on the severity of the issue, and passed tests are displayed in green.
You can install iniscan using Composer :
composer requires psecio/iniscan
Pretty simple to use and could provides you with the basic common security issues that you can fix in your own PHP installations.
