views: 188
answers: 8

I need to make sure that the PHP sites I administer don't have any common PHP flaws, like SQL injection, wrongly configured permissions on files and folders, etc. By site I mean, for example, a Joomla site with plugins and modules. Making this security check manually can be time consuming, and an automated test could be run on a daily basis just to make sure nothing has changed.

So my question is: is there any good automated software for this, or do I have to code one myself?

+1 A:

This can be done with a fuzzer or a web vulnerability scanner.

Sjoerd
A: 

I doubt there's anything good (so, 100% reliable) that's automated. But a nice topic to go through might be this one on SO, as it lists "historical security flaws":

http://stackoverflow.com/questions/2951917/historical-security-flaws-of-popular-php-cmss/

CharlesLeaf
A: 

You should do both. Review your code and look for possible SQL injections etc.

Google released a very nice tool named "Skipfish" that scans your application for common security holes / attack patterns.

halfdan
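A small code-review helper in the spirit of halfdan's first suggestion (review the code for SQL injection), added here as an example; it is not code from Skipfish or from any other tool named in this thread. It walks a PHP file line by line and reports every SQL-executing call whose query string is assembled from PHP variables, either inline or through a string variable built earlier in the file. The list of call names, the regular expressions and the sample PHP file are all assumptions constructed for the example; the regexes are a triage heuristic for a reviewer, not a full taint analysis.

```python
"""Static review helper: flag PHP SQL calls whose query is built from PHP
variables instead of bound parameters.  Added example for this thread, not
code from any tool named above; the regexes are a heuristic for review
triage, not a full taint analysis."""
import re

# Assumption: these are the executing calls in classic PHP/MySQL and Joomla
# code (mysql_*, mysqli_*, PDO, JDatabase::setQuery).  Extend as needed.
SQL_CALL = re.compile(
    r"(?:mysql_query|mysqli_query|->query|->setQuery|->exec)\b\s*\((.*)\)\s*;?")
# "... $var ..." or "... {$var} ..." inside a double-quoted string
INTERPOLATION = re.compile(r'"[^"]*\{?\$[A-Za-z_]\w*[^"]*"')
# ' . $var' or '$var . ' string concatenation
CONCAT = re.compile(r"\.\s*\$[A-Za-z_]\w*|\$[A-Za-z_]\w*\s*\.")
# $name = "..." or $name .= "..." (string assignments only)
STRING_ASSIGN = re.compile(r"(\$[A-Za-z_]\w*)\s*\.?=\s*([\"'].*);")

REASON_INLINE = "variable interpolated or concatenated into the SQL string"
REASON_TAINTED = "query passed via a variable that was built that way"


def _builds_from_vars(text):
    return bool(INTERPOLATION.search(text) or CONCAT.search(text))


def find_sql_sinks(php_source):
    """Return [(line_no, reason, stripped_line)] for every SQL-executing call
    that receives a query assembled from variables, either inline or through
    a string variable assigned earlier in the same file.  Calls that only
    pass a literal, or a prepare()/execute() pair with placeholders, are not
    reported.  A reviewer still decides whether a flagged value was escaped
    or cast; the helper only finds the places worth looking at."""
    tainted = set()
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        assign = STRING_ASSIGN.search(line)
        if assign and _builds_from_vars(assign.group(2)):
            tainted.add(assign.group(1))
        call = SQL_CALL.search(line)
        if not call:
            continue
        arg = call.group(1)
        if _builds_from_vars(arg):
            findings.append((line_no, REASON_INLINE, line.strip()))
        elif any(re.search(re.escape(v) + r"\b", arg) for v in tainted):
            findings.append((line_no, REASON_TAINTED, line.strip()))
    return findings


# Constructed sample, not from any real site: two unsafe calls, two safe ones.
SAMPLE_PHP = """\
<?php
$id = $_GET['id'];
$sql = "SELECT * FROM jos_users WHERE id = $id";
$db->setQuery($sql);
$r = mysql_query("SELECT * FROM users WHERE name = '" . $_POST['name'] . "'");
$stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?");
$stmt->execute([$id]);
$n = mysqli_query($link, 'SELECT COUNT(*) FROM users');
"""

if __name__ == "__main__":
    for line_no, reason, text in find_sql_sinks(SAMPLE_PHP):
        print(f"line {line_no}: {reason}\n    {text}")
```

Run against the sample it reports lines 4 and 5 (the `setQuery($sql)` fed from an interpolated string, and the inline concatenation of `$_POST['name']`) and stays quiet on the prepared statement and the literal query. It will also flag a query built from `(int)$_GET['id']`, which is the intended behaviour for a review aid: the reviewer confirms the cast, the tool only shortens the list of places to read.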
A: 

RFI, LFI, SQL injection: too many to discuss, and probably too boring to read one by one. I suggest you use a fuzzer instead. There are many free ones, and here's a wiki article about it: http://en.wikipedia.org/wiki/Fuzz_testing

Ruel
A: 

Using a fuzzer is a good idea. But you could also try coding an automated system yourself, as this will boost your knowledge about PHP and security issues/loopholes in your PHP sites.

I would personally use Google's Skipfish to find out whether there are problems, then build your own just for your needs and ease of use. Good luck!

hart1994
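Following hart1994's suggestion to build something for your own needs, here is an added example (not code from this thread, from Joomla, or from any scanner named above) of the "run it daily and tell me if anything changed" check the question asks for, on the file and folder permission side: it flags world-writable files and directories, PHP files sitting in a world-writable directory, and sensitive files readable by group or other, then diffs a mode-and-hash snapshot of the webroot against the previous run's. The set of sensitive file names (Joomla's `configuration.php` among them), the state file location and the sample webroot are assumptions constructed for the example.

```python
"""Daily file-system check for a PHP webroot: flag risky permissions and report
what changed since the last run.  Added example for this thread, not code from
Joomla, Skipfish or any other tool mentioned above."""
import hashlib
import json
import os
import stat
import tempfile

# Files that must not be readable by group/other (assumption: Joomla keeps the
# DB password in configuration.php; extend the set for your own sites).
SENSITIVE_NAMES = {"configuration.php", "config.php", ".htpasswd"}


def audit_permissions(root):
    """Return a sorted list of (relative path, problem) for the classic
    misconfigurations: world-writable files and directories, PHP files living
    in a world-writable directory (an upload dir that became an execution
    point), and sensitive files readable by group or other."""
    problems = []
    for dirpath, _, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        if os.stat(dirpath).st_mode & stat.S_IWOTH:
            problems.append((rel_dir, "world-writable directory"))
            if any(f.endswith(".php") for f in filenames):
                problems.append((rel_dir, "PHP in world-writable directory"))
        for name in filenames:
            path = os.path.join(dirpath, name)
            fmode = os.lstat(path).st_mode
            if not stat.S_ISREG(fmode):
                continue  # symlinks: judge the target, not the link
            rel = os.path.relpath(path, root)
            if fmode & stat.S_IWOTH:
                problems.append((rel, "world-writable file"))
            if name in SENSITIVE_NAMES and fmode & (stat.S_IRGRP | stat.S_IROTH):
                problems.append((rel, "sensitive file readable by group/other"))
    return sorted(problems)


def snapshot(root):
    """Map relative path -> [octal mode, sha256] for every regular file."""
    snap = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(path, root)] = [oct(stat.S_IMODE(st.st_mode)), digest]
    return snap


def diff_snapshots(old, new):
    """Paths added, removed, or changed (content or mode) since the last run."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def daily_check(root, state_file):
    """One cron run: audit permissions, diff against the stored snapshot,
    then persist the new snapshot as the baseline for tomorrow."""
    old = {}
    if os.path.exists(state_file):
        with open(state_file) as fh:
            old = json.load(fh)
    new = snapshot(root)
    with open(state_file, "w") as fh:
        json.dump(new, fh)
    return {"permissions": audit_permissions(root),
            "changes": diff_snapshots(old, new)}


def run_demo():
    """Build a constructed sample webroot (not a real site), run the check
    twice with a tamper in between, and return both reports."""
    base = tempfile.mkdtemp()
    site = os.path.join(base, "site")
    os.makedirs(os.path.join(site, "images"))
    os.makedirs(os.path.join(site, "cache"))
    os.chmod(site, 0o755)
    for rel, mode in [("index.php", 0o644), ("configuration.php", 0o644),
                      ("images/shell.php", 0o666)]:
        with open(os.path.join(site, rel), "w") as fh:
            fh.write("<?php // constructed sample file\n")
        os.chmod(os.path.join(site, rel), mode)
    os.chmod(os.path.join(site, "images"), 0o777)   # typical upload-dir mistake
    os.chmod(os.path.join(site, "cache"), 0o777)
    state = os.path.join(base, "state.json")
    first = daily_check(site, state)
    # Tamper: a line appended to index.php, config permissions tightened.
    with open(os.path.join(site, "index.php"), "a") as fh:
        fh.write("<?php // constructed: simulated modification\n")
    os.chmod(os.path.join(site, "configuration.php"), 0o600)
    second = daily_check(site, state)
    return first, second


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Pointed at a real webroot from cron (`daily_check("/var/www/site", "/var/lib/sitecheck/state.json")`, paths assumed), the first run lists every file as "added" and establishes the baseline; from then on the interesting output is the "changed" list, which catches both edited PHP and a quietly loosened mode, because the snapshot records the mode next to the hash. Keep the state file outside the webroot and unwritable by the web server user, otherwise an attacker who can write to the site can also rewrite the baseline.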
A: 

I recommend using the open source project wapiti, which will test for XSS, SQLi, LFI/RFI and many more. There is also the commercial product Acunetix ($), and the best is NTOSpider ($$$$$).

Rook
A: 

To familiarize yourself with common web security flaws, you may also wish to explore WebGoat.

Visionary Software Solutions
A: 

I've been using netsparker http://www.mavitunasecurity.com/

Not exactly what you need but it can help a lot :)

DiogoNeves