Armorize Technologies have an interesting on-demand PHP source code analysis service CodeSecure. The product developed specifically for PHP, represents a powerful tool for identifying and fixing vulnerabilities in custom developed PHP applications.

CodeSecure utilizes the latest verification technology to analyze source code. These processes form an overall picture of the code, describe the functions and systematically check for vulnerabilities. The vulnerabilities are then traced and checked for severity, depth and scope, making CodeSecure the most advanced, most effective, and most comprehensive solution available to date. For more information see Security As A Service, you may also check the Armorize's Vulnerability database which have a very nice graphic illustrating the number of vulnerabilities in different categories since 1999.