OWASP OVAL Content Project

Main
This project’s goal is to create standardized assesment documents (in OVAL XML format) for various application platforms such as .NET, Java, PHP etc. For example, there are several settings like Web.Config file which impacts security of ASP.NET web application. Likewise, PHP.INI has several security related settings. By creating OVAL definitions for these checks, it will enable any OVAL compatible tool (including the free OVAL Interpreter) to perform these checks.

PHP Security Settings
PHP OVAL definitions can be downloaded from here

 Please note that current definitions are designed to work on PHP Module loaded by Apache2 web server running on Linux OS

Details on these definitions can be found here