Friday, October 20, 2006

PHPSecInfo - What a great idea!

One of my biggest frustrations as a pentester is convincing web developers that their environment is set up incorrectly. PHPSecInfo is a tool you load directly on the server that validates the security of the environment and suggests improvements.

From the web page...
"The idea behind PHPSecInfo is to provide an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach."

Good on ya!
Rick
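
A minimal sketch of the kind of check described above: a script loaded on the server that reads PHP settings and prints suggestions. This is an added example, not PHPSecInfo's code; the rule list and the helper names `ini_flag` and `audit_settings` are assumptions chosen for illustration, and it assumes PHP 7.1 or later.

```php
<?php
// Added illustration, not PHPSecInfo code. The rule list is an assumption made
// for this example; the directives themselves are standard php.ini settings.

/** Normalise a raw ini value ("1", "On", "off", "", false) to a boolean. */
function ini_flag($raw): bool
{
    if ($raw === false || $raw === null) {
        return false; // directive does not exist in this PHP build
    }
    // display_errors may also be "stdout" or "stderr", both of which mean "on".
    $on = ['1', 'on', 'yes', 'true', 'stdout', 'stderr'];
    return in_array(strtolower(trim((string) $raw)), $on, true);
}

/**
 * Compare settings with the expected values and return one finding per rule.
 * $settings maps directive name => raw value, as ini_get() would return it.
 */
function audit_settings(array $settings, array $rules): array
{
    $findings = [];
    foreach ($rules as $name => [$expected, $advice]) {
        $ok = ini_flag($settings[$name] ?? false) === $expected;
        $findings[] = [
            'directive' => $name,
            'status'    => $ok ? 'ok' : 'warn',
            'advice'    => $ok ? '' : $advice,
        ];
    }
    return $findings;
}

$rules = [
    'display_errors'    => [false, 'Log errors instead of showing them to visitors.'],
    'expose_php'        => [false, 'Stop advertising the PHP version in response headers.'],
    'allow_url_include' => [false, 'Disallow include/require of remote URLs.'],
    'allow_url_fopen'   => [false, 'Disable unless the application needs remote file wrappers.'],
];

// Read the live values from the running PHP environment.
$live = [];
foreach (array_keys($rules) as $name) {
    $live[$name] = ini_get($name);
}

foreach (audit_settings($live, $rules) as $f) {
    printf("%-18s %-4s %s\n", $f['directive'], strtoupper($f['status']), $f['advice']);
}
```

Because `audit_settings` takes the values as an array, the same rules can be applied to settings collected from another host instead of the live `ini_get()` results.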

1 comment:

Anonymous said...

Thanks! Please feel free to give us any kind of feedback or suggestions you may have.