PHP security controls

Control : PHP-2320

PHP enables system administrators to disable potentially harmful functions. Depending on the software being used, many functions are not needed for proper functioning. An example is the ability to download a remote file via PHP, which only some applications need.

Control : PHP-2372

Software in general should not display software names or versions to normal users of a service, to avoid information leakage.

Control : PHP-2374

This test determines if modules can be loaded with the dl() function.

Control : PHP-2376

PHP allows file downloads with the allow_url_fopen setting. If not strictly needed for the applications running on the server, make sure this option is disabled.

Control : PHP-2378

PHP allows file downloads with the allow_url_include setting. If not strictly needed for the applications running on the server, make sure this option is disabled.

Control : PHP-2379

This control checks for the presence of Suhosin.
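The settings behind controls PHP-2320 through PHP-2378 can be checked offline against a copy of php.ini. The following is an added example, not code from the tool that defines these controls. The sample configuration is constructed, the function names are hypothetical, and pairing PHP-2372 with `expose_php` and PHP-2374 with `enable_dl` is an assumption, since the page does not name those directives. PHP-2379 (Suhosin) is not covered.

```python
import re

# Constructed php.ini content for illustration, not taken from a real host.
SAMPLE_INI = """\
[PHP]
expose_php = On          ; version shown in X-Powered-By
enable_dl = Off
allow_url_fopen = "1"
;allow_url_include = On  (commented out, so the default applies)
disable_functions =
"""

# PHP's built-in defaults, used when a directive is not set in the file.
DEFAULTS = {"expose_php": "1", "enable_dl": "1", "allow_url_fopen": "1",
            "allow_url_include": "0", "disable_functions": ""}

# Control ID -> directive that should be off. Pairing PHP-2372 with expose_php
# and PHP-2374 with enable_dl is an assumption; the page does not name them.
SHOULD_BE_OFF = {"PHP-2372": "expose_php", "PHP-2374": "enable_dl",
                 "PHP-2376": "allow_url_fopen", "PHP-2378": "allow_url_include"}

def parse_ini(text):
    """Return effective directive values; the last assignment in the file wins."""
    values = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments (quoted ';' not handled)
        m = re.match(r"([\w.]+)\s*=\s*(.*)$", line)
        if m:
            values[m.group(1)] = m.group(2).strip().strip("\"'")
    return values

def is_on(value):
    """Treat on/yes/true and non-zero integers as enabled, everything else as off."""
    v = value.lower()
    return v in ("on", "yes", "true") or bool(re.fullmatch(r"-?\d+", v) and int(v) != 0)

def audit(text):
    """Return {control_id: finding} for every control that fails."""
    values = parse_ini(text)
    findings = {cid: f"{name} is enabled" for cid, name in SHOULD_BE_OFF.items()
                if is_on(values[name])}
    if not values["disable_functions"].strip():
        findings["PHP-2320"] = "disable_functions is empty"
    return findings

if __name__ == "__main__":
    for control, finding in sorted(audit(SAMPLE_INI).items()):
        print(control, finding)
```

A directive missing from the file falls back to PHP's default, which is why an empty php.ini still fails several controls.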