PHP security scanners

Tools

iniscan (PHP configuration scanner)

configuration audit, security assessment

Iniscan scans a given php.ini file and tests it against security best practices. It reports back the results by showing a Pass or Fail for each related test. As it is a command-line utility, it can be used in automated testing.

Parse (PHP security scanner)

code analysis, security assessment

Writing insecure code is often easier than one might expect. A tool like Parse can perform a security analysis on PHP code.

pcc (PHP configuration scanner)

This tool helps detect security issues in your PHP configuration. It is useful for web hosting providers, developers, and application owners who want to test their configuration for common weaknesses.
