On the ServerGrove blog there's a new post looking at some of the currently available PHP security tools you can use to help keep your applications safe.

Security is getting more and more important, and the PHP community has been doing great improvements in this topic during the last few years. From better configuration settings to provide some level of security by default to frameworks providing functionality to avoid common attacks such as XSS, CSRF or SQL injection. [...] Well, any piece of software can have bugs, and obviously open source projects are not an exception. The good point is that security researchers, once they find a vulnerability, it is reported and added to a database of known vulnerabilities. We basically need to find a way to avoid using code with known vulnerabilities, and there are some interesting tools out there to help us.

They list four tools that focus on different areas of the security of your application to help provide good basic coverage:

• Security Advisories Checker
• Roave Security Advisories
• iniscan
• versionscan

One thing to note, these are all automated tools so they shouldn't be relied upon exclusively to ensure the security of your application. Testing and evaluation of the codebase with these and other testing tools should always be done as well.