see LICENSE for copyright and license info
Mailing List for bug reports, feedback, etc: http://lists.phpsec.gcosoftware.com/mailing
PHPSecInfo is a PHP environment security auditing tool modeled after the phpinfo() function. From a single function call, PHPSecInfo runs a series of tests on your PHP environment to identify potential security issues and offer suggestions. It is useful as one layer of a multilayered security approach, not as a substitute for one.
The simplest way:
Read the explanation of each result carefully. Research the issue online: resources like the official php.net docs and the PHP Security Guide are very useful. Investigate why your environment is set up that way. If there is no compelling reason to keep it as-is, you should probably
A by no means comprehensive list of resources to get you started:

Web Sites:
  http://www.php.net/manual/en/security.php
  http://phpsec.org/projects/guide/
  http://phpsec.gcosoftware.com/projects/phpsecinfo/guide/

Books:
  http://phparch.com/pgps
  http://phpsecurity.org/
  http://apachesecurity.net/
PHPSecInfo is intended to be used as a self-contained tool. However, you can obtain the test results in an array and then present this data in your preferred format.
Example:
<?php
require_once('PhpSecInfo/PhpSecInfo.php');

// instantiate the class
$psi = new PhpSecInfo();

// load and run all tests
$psi->loadAndRun();

// grab the results as a multidimensional array
$results = $psi->getResultsAsArray();
echo "<pre>";
echo print_r($results, true);
echo "</pre>";

// grab the standard results output as a string
$html = $psi->getOutput();

// send it to the browser
echo $html;
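The example above dumps the raw array. The script below is an added example, not part of PhpSecInfo, showing how to consume that array in your own format: it reduces the results to a command-line report and an exit status, so the audit can run from cron or a deployment check rather than only in a browser. It assumes that each test entry is an associative array with a 'result' key holding one of the PHPSECINFO_TEST_RESULT_* constants and a 'message' key; the fallback constant values, the function names (psi_*) and the sample results array are all constructed for the example, so verify the layout against your own getResultsAsArray() output first.

```php
<?php
// Added example, not part of PhpSecInfo. Turns the results array into a
// command-line summary and exit status for cron or deployment pipelines.
//
// ASSUMED array layout (check getResultsAsArray() output in your version):
// each leaf test entry is an associative array with a 'result' key holding
// one of the PHPSECINFO_TEST_RESULT_* constants and a human-readable
// 'message'. The walk is recursive, so the group/test nesting above the
// leaves may vary without breaking the report.

if (!defined('PHPSECINFO_TEST_RESULT_OK')) {
    // Fallback definitions (assumed values) so this file runs on its own.
    // When PhpSecInfo/PhpSecInfo.php is loaded first, the tool's own values win.
    define('PHPSECINFO_TEST_RESULT_OK', -1);
    define('PHPSECINFO_TEST_RESULT_NOTICE', -2);
    define('PHPSECINFO_TEST_RESULT_WARN', -3);
    define('PHPSECINFO_TEST_RESULT_NOTRUN', -4);
    define('PHPSECINFO_TEST_RESULT_ERROR', -5);
}

// Map a result constant to the label used in the report.
function psi_level_name($result)
{
    switch ($result) {
        case PHPSECINFO_TEST_RESULT_OK:     return 'OK';
        case PHPSECINFO_TEST_RESULT_NOTICE: return 'NOTICE';
        case PHPSECINFO_TEST_RESULT_WARN:   return 'WARN';
        case PHPSECINFO_TEST_RESULT_NOTRUN: return 'NOTRUN';
        case PHPSECINFO_TEST_RESULT_ERROR:  return 'ERROR';
        default:                            return 'UNKNOWN';
    }
}

// Walk the results array and collect every test whose result is not OK.
// $path accumulates the group/test names so findings are easy to locate.
function psi_collect_findings(array $node, $path = '')
{
    $findings = array();
    if (array_key_exists('result', $node) && !is_array($node['result'])) {
        if ($node['result'] != PHPSECINFO_TEST_RESULT_OK) {
            $findings[] = array(
                'test'    => $path,
                'level'   => psi_level_name($node['result']),
                'message' => isset($node['message']) ? (string) $node['message'] : '',
            );
        }
        return $findings;
    }
    foreach ($node as $key => $child) {
        if (is_array($child)) {
            $child_path = ($path === '') ? (string) $key : $path . '/' . $key;
            $findings = array_merge($findings, psi_collect_findings($child, $child_path));
        }
    }
    return $findings;
}

// Print one line per finding and return the exit status:
// 2 if any WARN/ERROR, 1 if only NOTICE/NOTRUN, 0 if every test passed.
function psi_report(array $findings)
{
    $status = 0;
    foreach ($findings as $f) {
        // Messages may carry HTML meant for the browser output; strip it for the console.
        printf("%-7s %-40s %s\n", $f['level'], $f['test'], strip_tags($f['message']));
        if ($f['level'] === 'WARN' || $f['level'] === 'ERROR') {
            $status = 2;
        } elseif ($status === 0) {
            $status = 1;
        }
    }
    printf("%d finding(s)\n", count($findings));
    return $status;
}

if (class_exists('PhpSecInfo')) {
    // Real run: PhpSecInfo/PhpSecInfo.php was required before this file.
    $psi = new PhpSecInfo();
    $psi->loadAndRun();
    $results = $psi->getResultsAsArray();
} else {
    // Constructed sample in the assumed layout, so the script runs offline.
    $results = array(
        'Core' => array(
            'allow_url_fopen' => array('result'  => PHPSECINFO_TEST_RESULT_WARN,
                                       'message' => 'allow_url_fopen is enabled'),
            'display_errors'  => array('result'  => PHPSECINFO_TEST_RESULT_OK,
                                       'message' => 'display_errors is off'),
        ),
        'Session' => array(
            'use_trans_sid'   => array('result'  => PHPSECINFO_TEST_RESULT_NOTICE,
                                       'message' => 'session.use_trans_sid is enabled'),
        ),
    );
}

exit(psi_report(psi_collect_findings($results)));
```

Run it with the tool loaded first (for example a wrapper that does require_once('PhpSecInfo/PhpSecInfo.php') and then includes this file) and the non-zero exit status can fail a deployment step whenever a WARN or ERROR appears; run it alone and it reports on the constructed sample. Because the checks reflect the configuration of the PHP binary that executes them, run it under the same SAPI and php.ini as the web server (the CLI often has its own php.ini) or the results will not match what the browser-based phpsecinfo() output shows.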
The best way is to follow our project on Github: https://github.com/bigdeej/PhpSecInfo