What is it?

PhpSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.


PhpSecInfo is released under the "New BSD" license. View the LICENSE file for more details


We encourage interested PHP developers to:

  • propose new tests
  • write tests
  • write documentation
  • ask questions
  • offer suggestions and feedback

In the near future we'll sort out bug reporting tools and hopefully public SVN access. We do have a mailing list set up for public discussion at:


CERIAS Logo Development of PhpSecInfo is being sponsored in part by CERIAS at Purdue University.

Get PhpSecInfo