Securing the PHP Environment With PhpSecInfo



PhpSecInfo is an easy-to-use security auditing tool for the PHP environment. We'll discuss how to use PhpSecInfo as part of your web app security toolkit, and how to customize and extend it for your specific needs.


PhpSecInfo is an easy-to-install, easy-to-use security auditing tool for the PHP environment. It provides an equivalent to the phpinfo() function that reports security information about the PHP environment and offers suggestions for improvement.

This talk will cover:

  • The current state of security in open-source web applications written in PHP
  • The importance of securely configuring PHP
  • The primary audiences for open-source web applications, and how PhpSecInfo can be useful to each
  • The role PhpSecInfo can play in a multilayered security approach
  • Deploying, modifying, and extending PhpSecInfo


    Edward Finkler

    Funkatron Productions


    With over 15 years of passionate web development experience and open source advocacy, Ed Finkler loves empowering people through technology. He’s excited about creating things and sharing them with the world.

    He served as web lead and security researcher at The Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University for 9 years. More recently, he has been helping startup teams build exciting e-commerce, social sharing, and mapping systems. He’s a proud member of the Fictive Kin team, working on Done Not Done, Gimme Bar, and lots of other cool stuff.

    Ed spends much of his free time creating and working on open source projects such as Spaz, a long-running, award-winning microblogging client. Ed also created PHP libraries like FUnit, Resty.php, PhpSecInfo, and Inspekt.