I’m dealing a lot with testing web applications with PHP and instead of dumping databases for test purposes, I’m using fzaninotto/faker to “generate” fake data elements like name, email, addresses, credit card numbers, etc… that I’m using with PHPUnit.
I’m using several static analysis tools like PHPLOC, PHPMD and PDepend. For security analysis I use psecio/parse, psecio/iniscan, mikestowe/Malicious-Code-Scanner and Sensiolabs package security checker.
Automated acceptance tests with Selenium are executed through PHPUnit/Selenium and resilience testing with Netflix/chaosmonkey.
Using SecList I can test weak/bad passwords with their 10M most used password list, fuzzing SQL injection and XSS vulnerabilities and much more.
I hope this list of tools can help your future PHP based web application testing.