Here I’ll List good tools about PHP security…
======================
PhpSecInfo
PhpSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.
http://phpsec.org/projects/phpsecinfo/
======================