From their homepage: PhpSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.
Combine this tool with my ‘Assault on PHP Applications’ blog entry and this recent ‘Web Security’ article and you’ll be a fairly competent web pen-tester.