PHP security controls
Control : PHP-2320
PHP enables system administrators to disable possible harmful functions. Depending on the software being used, many functions are not needed for proper functioning. An example of this would be the possibility to download a remote file via PHP, which is only needed in some applications.
Control : PHP-2372
Software in general should not display software names or versions to normal users of a service, to avoid information leakage.
Control : PHP-2374
This test determines if modules can be loaded with the ld() function
Control : PHP-2376
PHP allows file downloads with the allow_url_fopen setting. If not strictly needed for the applications running on the server, make sure this option is disabled.
Control : PHP-2378
PHP allows file downloads with the allow_url_include setting. If not strictly needed for the applications running on the server, make sure this option is disabled.
Control : PHP-2379
This control checks for the presence of Suhosin.