Archive for the ‘Security’ Category

PHPSecInfo is a PHP environment security auditing tool which can be useful as part of a multilayered security approach.

The script runs a series of tests to identify potential security issues and offers suggestions.

PhpSecInfo

It can be reached easily by calling the "index.php" file after uploading the project folder.

PHP Security Consortium also has a PHP security guide which you may want to check out.

P.S. PhpSecInfo is definitely not a replacement for secure coding practices & doesn’t audit PHP code.

  • Filed under: Extras, Other License, Security
    VidoopCAPTCHA is a free image-based verification solution, which is unusual compared to the widely used text-based ones.

    It aims to be a more user-friendly solution, as text-based captchas can sometimes be hard for humans to read, not just for bots.

    Image Based Captcha

    VidoopCAPTCHA is a hosted service & has plugins for WordPress, Ruby on Rails, and Drupal. There are also libraries for programming languages such as PHP, Python, and .NET.

    It offers some customization options like category, number of grid squares, color & grid size. For a demo of this security resource, click here.

    Normally, when data is submitted, it is sent in plain text if no SSL is used.

    jCryption is a jQuery plugin for encrypting POST/GET data submitted by forms.

    It uses the RSA public-key algorithm for the encryption & has a PHP file for handling the decryption of the data.

    JavaScript Encryption

    Some features of jCryption:

    • encryption up to 2048 bit
    • AjaxSubmit supported
    • doesn’t block the browser on calculations

    The plugin is easy to install, use and extend. Calling the jCryption function:

    $("#formID").jCryption();

    and handling the data with the ready-to-use PHP function is enough.

    DesignShack is presenting a very nice tutorial on creating a virtual keyboard with jQuery (script can be downloaded).

    Such virtual keyboards are generally used in bank websites or forms that require extra security. They are a step for preventing keyloggers (but may not be an absolute solution as keyloggers are getting smarter).

    jQuery Virtual Keyboard

    It is very easy to add new characters to the keyboard if needed & the keyboard can be dragged anywhere on the screen.

    To check the demo, click here.

    Internet Captcha is a Flash-based captcha script which can be generated online with a configuration interface.

    It lets you define all the variables of the captcha including the distortion level, color, Flash effect & more.

    Flash Captcha

    The configuration wizard creates the necessary JavaScript and ASP / PHP files and shows how to install this captcha script step by step.

    One nice feature of Internet Captcha is that it shows you the security level of the captcha you designed.

    Scrawlr is free software for scanning your web applications for SQL injection vulnerabilities.

    It is developed by the HP Web Security Research Group in coordination with the Microsoft Security Response Center.

    Free SQL Injection Scanner

    Scrawlr crawls a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities.

    After the scanning process, if it finds any, it even shows your database table names as proof of the possible SQL injection vulnerabilities.

  • Filed under: Extras, Other License, Security
    With over 70% of all attacks now carried out at the web application level, web application firewalls are used to create an external security layer that improves security, detection, and prevention of attacks before they reach web applications.

    Web Application Firewall

    Web servers are well equipped to log traffic for marketing analyses, but they are not good at logging traffic to web applications.

    ModSecurity is a web application firewall for Apache which makes full HTTP transaction logging possible, allowing complete requests and responses to be logged.

    This web application firewall has an easy-to-use rule engine, which forms the core of the system.

    ModSecurity monitors HTTP traffic in real time and has other features like parallel text matching, Geo IP resolution, credit card number detection, support for content injection, automated rule updates, scripting & more.

    Securimage is a free PHP captcha script used for protecting web forms from spam and abuse.

    It can be easily installed and is very well documented.

    Unlike the famous reCAPTCHA, which is web-based, Securimage is a downloadable solution that requires PHP and the GD library to work.

    PHP Captcha Script

    Some features of this captcha solution:

    • Show an image in just 3 lines of code
    • Validate submitted entries in less than 6 lines of code
    • Customizable code length
    • Choose the character set
    • TTF font support
    • Use custom GD fonts when TTF is not available
    • Easily add background images
    • Multi colored, angled, and transparent text options
    • Arched lines through text
    • Generates audible CAPTCHA files in wav format
    • Use a word list for creating CAPTCHA codes

    You can find a demo of the captcha here.

    Secure input and data handling is hard when it comes to HTML because of the many different types of malicious code (XSS).

    HTML Purifier is a well documented, standards-compliant HTML filter library written in PHP. It simply:

    • Removes all malicious code (better known as XSS) with an audited, secure yet permissive whitelist.
    • Makes sure your documents are standards compliant.

    PHP HTML Filter Library

    HTML Purifier requires PHP 5 (PHP 4 versions are not supported any more but can be downloaded). It saves so much time while developing & offers much more expertise than most self-coded data-handling libraries, as HTML Purifier is concentrated only on this area.

    This open source secure data handling solution also has a comparison chart with other HTML filters.

    Some community-written plugins for CMS software and WYSIWYG editors can be found on the HTML Purifier website.
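    As an added example (not code from the original post or from the HTML Purifier project), the snippet below runs a constructed piece of hostile comment markup through HTML Purifier's allow-list and contrasts it with plain escaping. It assumes the library's own autoloader sits at library/HTMLPurifier.auto.php; HTMLPurifier_Config, HTML.Allowed, URI.AllowedSchemes and purify() are the library's real API.

```php
<?php
// Added example, not part of the original post or of HTML Purifier itself.
// Assumes HTML Purifier is installed so that its shipped autoloader is at:
require_once 'library/HTMLPurifier.auto.php';

// Constructed sample of what a comment form might receive: legitimate
// formatting mixed with a script tag, an event handler and a javascript: URI.
$dirty = '<p onmouseover="steal()">Hello <b>world</b></p>'
       . '<script>alert(document.cookie)</script>'
       . '<a href="javascript:evil()">link</a>'
       . '<img src="x" onerror="evil()">';

// Sanitise untrusted HTML so it can be stored and shown to other users
// while keeping the formatting the author intended.
function purifyComment($html)
{
    $config = HTMLPurifier_Config::createDefault();
    // Allow-list: only these tags and attributes survive; anything else,
    // including every on* event handler, is dropped rather than escaped.
    $config->set('HTML.Allowed', 'p,b,i,a[href],img[src|alt]');
    // Only http/https URIs are kept, so a javascript: href is removed.
    $config->set('URI.AllowedSchemes', array('http' => true, 'https' => true));
    $purifier = new HTMLPurifier($config);
    return $purifier->purify($html);
}

// Contrast: htmlspecialchars() is also safe against XSS, but it turns the
// markup into visible text instead of rendering the user's formatting.
function escapeComment($html)
{
    return htmlspecialchars($html, ENT_QUOTES, 'UTF-8');
}

echo "Purified: " . purifyComment($dirty) . "\n";
echo "Escaped:  " . escapeComment($dirty) . "\n";
```

    Use the purifier on the way in (before storage) or on the way out, but never rely on a client-side editor's own filtering, since the request body can be crafted without it.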
