230 Repositories
PHP security-analysis Libraries
List of Magento extensions with known security issues.
Magento Vulnerability Database List of Magento 1 and 2 integrations with known security issues. Objective: easily identify insecure 3rd party software
「🌎」Web Exploration Laboratory
「 🌎 」About Web Exploration Laboratory The Web Exploration Laboratory (WEL) is a project created for people just entering the information security bus
A Magento community sourced security pre-flight checklist.
Magento Security Checklist This is a community sourced checklist of security measures to take before launching your store. Think of it as a pre-flight
A htaccess boilerplate for all Magento Community installations. Features focus on speed, SEO and security.
magento-htaccess A htaccess boilerplate for all Magento Community installations. Features focus on speed, SEO and security. The file should be placed
Phpstan-dba - database handling related class reflection extension for PHPStan & framework-specific rules
database handling class reflection extension for PHPStan This extension provides the following features: PDO-query knows the array shape of the returned
Harden request headers, login interface and passwords to increase backend security.
JvMTECH.NeosHardening Package for Neos CMS Harden request headers, login interface and passwords to increase backend security. Installation composer r
A curated list of resources for learning about application security
Awesome AppSec A curated list of resources for learning about application security. Contains books, websites, blog posts, and self-assessment quizzes.
PhpCodeAnalyzer scans codebase and analyzes which non-built-in php extensions used
PhpCodeAnalyzer PhpCodeAnalyzer finds usage of different non-built-in extensions in your php code. This tool helps you understand how transportable yo
Analyzer of PHP code to search issues with deprecated functionality in newer interpreter versions.
PhpDeprecationDetector PhpDeprecationDetector - analyzer of PHP code to search usages of deprecated functionality in newer interpreter versions - depr
PHP Magic Number Detector
PHP Magic Number Detector (PHPMND) phpmnd is a tool that aims to help you to detect magic numbers in your PHP code. By default 0 and 1 are not conside
Docker image that provides static analysis tools for PHP
Static Analysis Tools for PHP Docker image providing static analysis tools for PHP. The list of available tools and the installer are actually managed
PHPSA - Smart Analyzer for PHP
PHPSA - Smart Analyzer for PHP PHPSA is a development tool aimed at bringing complex analysis for PHP applications and libraries. P.S This software is
A static analysis engine
A static analysis engine... Usage: bin/tuli analyze file1 file2 path Installation Install it as a composer dependency!!! $ composer require ircmaxell
Your performance & security consultant, an artisan command away.
Enlightn A Laravel Tool To Boost Your App's Performance & Security Introduction Think of Enlightn as your performance and security consultant. Enlight
This package helps you to associate users with permissions and permission groups with laravel framework
Laravel ACL This package allows you to manage user permissions and groups in a database, and is compatible with Laravel v5.8 or higher. Please check t
A laboratory for learning secure web and mobile development in a practical manner.
A laboratory for learning secure web and mobile development in a practical manner. Build your lab By provisioning local environments via docker-compos
Collection of scripts, thoughts about CSP (Content Security Policy)
CSP useful, a collection of scripts, thoughts about CSP I'm testing and using CSP (Content Security Policy), and here are some thoughts, resources, sc
A PHP dependency vulnerabilities scanner based on the Security Advisories Database.
Enlightn Security Checker The Enlightn Security Checker is a command line tool that checks if your application uses dependencies with known security v
SЁCU is a public API to store self-destructing data payloads with url shortener and handle anonymous chat-rooms.
SЁCU Introduction SЁCU is a public API to store self-destructing data payloads. This repository includes only the backend part, using the Laravel framework. Fr
Csrf Component provides Cross Site Request Forgery protection by comparing provided token with session token to ensure request validity.
Csrf Component Csrf Component provides Cross Site Request Forgery protection by comparing provided token with session token to ensure request validity
Serialize and deserialize PHP structures to a variety of representations
laminas-serializer This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical St
Detect unused composer dependencies
Project scanner for detecting unused composer dependencies Versions Use 1.3.x@dev versions for projects with php 5.6, 7.0 Use 2.x versions for projects w
A kernel designed to run one and only one application in a virtualized environment
nanos Nanos is a new kernel designed to run one and only one application in a virtualized environment. It has several constraints on it compared to a
Docker images for Cyber_Security hackathon 2021.
This repository contains a set of vulnerable Docker images for attacking the container environment compiled for Cyber_Security hackathon 2021. Require
WPBruiser {no- Captcha anti-Spam} (forked, updated)
=== WPBruiser {no- Captcha anti-Spam} === Contributors: mihche, knutsp Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_
Matomo is the leading Free/Libre open analytics platform.
Matomo (formerly Piwik) - matomo.org Code Status Description Matomo is the leading Free/Libre open analytics platform. Matomo is a full-featured PHP M
Security advisories as a simple composer exclusion list, updated daily
Roave Security Advisories This package ensures that your application doesn't have installed dependencies with known security vulnerabilities. Installa
PHP frontend for security.symfony.com
SensioLabs Security Checker WARNING: Don't use this piece of software anymore as the underlying web service will stop working at the end of January 20
PHP Secure Headers
Secure Headers Add security related headers to HTTP response. The package includes Service Providers for easy Laravel integration. Version Installatio
Continuous Inspection
SonarQube Continuous Inspection SonarQube provides the capability not only to show the health of an application but also to highlight issues newly introdu
SonarPHP: PHP static analyzer for SonarQube & SonarLint
Code Quality and Security for PHP This SonarSource project is a static code analyser for the PHP language, used as an extension for the SonarQube platform.
Parse: A Static Security Scanner
Parse: A PHP Security Scanner PLEASE NOTE: This tool is still in a very early stage. The work continues... The Parse scanner is a static scanning tool
A static analysis tool for security
progpilot A static analyzer for security purposes Only PHP language is currently supported Installation Option 1: use standalone phar Download the lat
phpcs-security-audit is a set of PHP_CodeSniffer rules that find vulnerabilities and weaknesses related to security in PHP code
phpcs-security-audit v3 About phpcs-security-audit is a set of PHP_CodeSniffer rules that find vulnerabilities and weaknesses related to security in
⚗️ Adds code analysis to Laravel improving developer productivity and code quality.
⚗️ About Larastan Larastan was created by Can Vural and Nuno Maduro, got artwork designed by @Caneco, is maintained by Can Vural, Nuno Maduro, and Vik
HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.
TYPO3 HTML Sanitizer ℹ️ Common safe HTML tags & attributes as given in \TYPO3\HtmlSanitizer\Builder\CommonBuilder still might be adjusted, extended or
Exploiting and fixing security vulnerabilities of an old version of E-Class. Project implemented as part of the class YS13 Cyber-Security.
Open eClass 2.3 Development of XSS, CSRF, SQLi, RFI attacks/defences for an older, vulnerable version of eClass. Project implemented as part of the clas
Library for checking dependencies between modules inside projects
PHP Dependency analyzer PHP DA is a tool for checking and keeping the dependencies inside your project clean. For example: You have a project with 3 root namespa
Windows and macOS Hardening Interface to make security more accessible.
Welcome to the Hardening Interface Introduction To use HardeningKitty service more easily, we have created an interface which permits better understan
Here are few exercises to practice how to implement API Security with NGINX App-Protect WAF.
api-security-lab This repo contains files for customers and partners to practice an API Security with NGINX App-Protect WAF. To demonstrate the capabi
Client for the Tenant Security Proxy in PHP
Tenant Security Client PHP Library A PHP client for implementing CMK within a vendor's infrastructure. Makes requests through an IronCore Tenant Secur
EzPz Tweaks is an all-in-one WordPress plugin that helps you personalize the admin panel appearances
EzPz Tweaks is an all-in-one WordPress plugin that helps you personalize the admin panel appearances, clean your site code and remove unwanted features to increase its security and improve performance.
WordPress core test suite function and class declaration stubs for static analysis by PHPStan
WordPress Core Test Suite Stubs This package provides stub declarations for the WordPress Core Test Suite functions, classes and interfaces. These stu
PASETO: Platform-Agnostic Security Tokens
PASETO: Platform-Agnostic Security Tokens Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague
This system provides secure and convenient ways to protect your gaming account.
VK Security – Auth system VK Security provides the ability to use in-game authorization together with the official VKontakte groups. Conveni
Php Security Class
Security Advanced Security Class for Php Features Secure From XSS, CSRF, SQL Injection, BASE64, RFI, LFI, Command Injection, Block Suspicious Request
FunboxEasy - Proving Grounds - Offensive Security
User registration and login form with validations and escapes for total security made with PHP.
Login and Sign Up with PHP User registration and login form with validations and escapes for total security made with PHP. Validations Required fields
Added Laravel functionality to Enlightn Security Checker.
Added Laravel functionality to Enlightn Security Checker. Adds a command to check for, and optionally emails you, vulnerabilities when they affect you.
Create and validate signed URLs with a limited lifetime
THIS PACKAGE IS NOT MAINTAINED ANYMORE. SIGNING URLS IS NOW PART OF LARAVEL: https://laravel-news.com/signed-routes Create secured URLs with a limited
A library for property-based policy evaluation
PropAuth: Property-based policy evaluation Performing evaluations on credentials for authentication or sets of permissions on users has its limitation
🔒 Laravel validation rule that checks if a password has been exposed in a data breach.
🔒 Laravel Password Exposed Validation Rule This package provides a Laravel validation rule that checks if a password has been exposed in a data breac
A tiny PHP class-based program to analyze an input file, extract all of its words and count how many times each word is repeated
the examples of head first object oriented analysis & design - in PHP
Head First object oriented analysis & design in (PHP) after cloning the repository, you have to install the project's dependencies by running the foll
GitHub action to set up PHP with extensions, php.ini configuration, coverage drivers, and various tools.
Activation of various website headers for configuring security measures and optimizations.
HTTP-Header Activation of various website headers for configuring security measures and optimizations. Note that not all he
Security Defense for Firebase's PHP-JWT Library
PHP-JWT-Guard Protect your code from being impacted by issue 351 in firebase/php-jwt. Installation First, install this library with Composer: composer
Record created by, updated by and deleted by on Eloquent models automatically.
quarks/laravel-auditors Record created by, updated by and deleted by (if SoftDeletes added) on Eloquent models automatically. Installation composer re
Scan source code for calls to ray() and related calls.
Quickly scan source code for calls to Ray This package can quickly scan source code for calls to ray(), rd(), Ray::*, and -ray() helper methods from
Sodium Compat is a pure PHP polyfill for the Sodium cryptography library (libsodium)
Sodium Compat is a pure PHP polyfill for the Sodium cryptography library (libsodium), a core extension in PHP 7.2.0+ and otherwise available in PECL.
Certainty - CA-Cert Automation for PHP Projects
Certainty - CA-Cert Automation for PHP Projects Automate your PHP projects' cacert.pem management. Read the blog post introducing Certainty. Requires
Public append-only ledger microservice built with Slim Framework
Chronicle is a self-hostable microservice, built with Slim Framework, which enables authorized users to commit arbitrary data to an immutable, append-only public ledger.
Web Application Firewall (WAF) package for Laravel
Web Application Firewall (WAF) package for Laravel This package intends to protect your Laravel app from different types of attacks such as XSS, SQLi,
PHP_Depend is an adaptation of the established Java development tool JDepend. This tool shows you the quality of your design in terms of extensibility, reusability and maintainability.
PHP Depend Documentation PHP Depend for enterprise Available as part of the Tidelift Subscription. The maintainers of PHP Depend and thousands of othe
PHP Text Analysis is a library for performing Information Retrieval (IR) and Natural Language Processing (NLP) tasks using the PHP language
php-text-analysis PHP Text Analysis is a library for performing Information Retrieval (IR) and Natural Language Processing (NLP) tasks using the PHP l
Laravel Security Notifications
This package adds security notifications to warn your users when significant security events occur so that they aren't the next victim of an attacker.
Next generation phpDoc parser with support for intersection types and generics.
PHPDoc-Parser for PHPStan PHPStan Next generation phpDoc parser with support for intersection types and generics. Code of Conduct This project adheres
Security, performance, marketing, and design tools — Jetpack is made by WordPress experts to make WP sites safer and faster, and help you grow your traffic.
Jetpack Monorepo This is the Jetpack Monorepo. It contains source code for the Jetpack plugin, the Jetpack composer packages, and other things. How to
Deptrac is a static code analysis tool for PHP that helps you communicate, visualize and enforce architectural decisions in your projects
Deptrac is a static code analysis tool for PHP that helps you communicate, visualize and enforce architectural decisions in your projects. You can freely define your architectural layers over classes and which rules should apply to them.
An authorization library that supports access control models like ACL, RBAC, ABAC in PHP.
PHP-Casbin Documentation | Tutorials | Extensions Breaking News: Laravel-authz is now available, an authorization library for the Laravel framework. P
A package that allows secure communication between two or more projects, aimed mainly at microservice architectures. It adds the OAuth2 authorization standard on top of the network-level security (IP addresses and whitelists) you may already have in place.
OAuth2 between Laravel projects A package that allows secure communication between two or more projects, focused mainly for use in microservices archi
JObfuscator — Java Source Code Obfuscation & Protection
JObfuscator is a source code obfuscator for the Java programming language. It can protect your Java source code and algorithms from hacking, cracking, reverse engineering, decompilation, and technology theft.
This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.
Docker Tutorials and Labs At this time we are not actively adding labs to this repository. Our focus is on training.play-with-docker.com where new lab
Learn Cookies and Tokens Security in Practice.
The full article is posted on my blog. The video presentation is shared here. The presentation slides are shared here. The exploit codes are shared he
Learn how to set up a fake authentication web page on a fake WiFi network.
Evil Twin - Mark VII Learn how to set up a fake authentication web page on a fake WiFi network. Read the comments in these two files to get a better u
Hackigniter is a vulnerable web application written on PHP CodeIgniter. The vulnerabilities in the application were prepared to resemble those most frequently found during penetration tests.
hackigniter About: Hackigniter is a vulnerable web application written on PHP CodeIgniter. The vulnerabilities in the application, during penetration
Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials.
Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. It is inspired by the Java Spring framework.
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing.
GLPI (Gestionnaire Libre de Parc Informatique) is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing.
Elastic APM PHP Agent
Elastic APM Agent for PHP This is the official PHP agent for Elastic APM. The PHP agent enables you to trace the execution of operations in your appli
Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. It is inspired by the Java Spring framework.
Security Component - Core Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the
This tool can help you to see the real IP behind CloudFlare protected websites.
CrimeFlare Bypass Hostname A tool to see the real IP behind websites protected by CloudFlare. Introduction This tool is used to
A project to add Psalm support for Drupal for security testing, focused only on taint analysis.
psalm-plugin-drupal A Drupal integration for Psalm focused on security scanning (SAST) taint analysis. Features Stubs for sinks, sources, and sanitize
PHP Exif Library - library for reading and writing Exif headers in JPEG and TIFF files using PHP.
PEL: PHP Exif Library README file for PEL: PHP Exif Library. A library with support for reading and writing Exif headers in JPEG and TIFF images using
PHP Phar Stream Wrapper
Based on Sam Thomas' findings concerning insecure deserialization combined with obfuscation strategies that allow hiding Phar files inside valid image resources, the TYPO3 project decided to introduce a PharStreamWrapper that intercepts invocations of the phar:// stream in PHP and only allows its use for defined locations in the file system.
A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES.
Current version: 1.3.5 PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted a
Laravel Qcloud Content Security T-Sec Tencent Cloud Content Security (text and image content moderation) service
Laravel Qcloud Content Security T-Sec The Tianyu Content Security service uses deep learning technology to identify potentially offensive, unsafe or inappropriate content in text/images; it supports user-configured word lists/image blacklists and recognizes custom detection types.
WordPress static site generator for security, performance and cost benefits
WordPress plugin that provides instant switching between user accounts.
User Switching Stable tag: 1.5.7 Requires at least: 3.7 Tested up to: 5.7 Requires PHP: 5.3 License: GPL v2 or later Tags: users, profiles, user switc
Laravel Ban simplifies blocking and banning Eloquent models.
Laravel Ban Introduction Laravel Ban simplifies the management of Eloquent model bans. Make any model bannable in minutes! The use case is not limited to Use
Captcha for Laravel 5/6/7/8
Captcha for Laravel 5/6/7 A simple Laravel 5/6 service provider for including the Captcha for Laravel. for Laravel 4 Captcha for Laravel Laravel 4 Pre
Eloquent roles and abilities.
Bouncer Bouncer is an elegant, framework-agnostic approach to managing roles and abilities for any app using Eloquent models. Table of Contents Click
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
About SecLists SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected i
Liberating Web Analytics. Star us on Github? +1. Matomo is the leading open alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. We love Pull Requests!
Matomo (formerly Piwik) - matomo.org Code Status Description Matomo is the leading Free/Libre open analytics platform. Matomo is a full-featured PHP M
PHP Captcha library
Captcha Installation With composer : { ... "require": { "gregwar/captcha": "1.*" } } Usage You can create a captcha with the Captc
Powerful modern math library for PHP: Features descriptive statistics and regressions; Continuous and discrete probability distributions; Linear algebra with matrices and vectors, Numerical analysis; special mathematical functions; Algebra
MathPHP - Powerful Modern Math Library for PHP The only library you need to integrate mathematical functions into your applications. It is a self-cont
A static analysis tool for finding errors in PHP applications
Psalm Psalm is a static analysis tool for finding errors in PHP applications. Installation To get started, check out the installation guide. Live Demo
PHP Architecture Tester - Easy to use architectural testing tool for PHP ✔️
Easy to use architecture testing tool for PHP Introduction 📜 PHP Architecture Tester is a static analysis tool to verify architectural requirements.
GitHub action to setup PHP with required extensions, php.ini configuration, code-coverage support and various tools like composer...
Setup PHP in GitHub Actions Setup PHP with required extensions, php.ini configuration, code-coverage support and various tools like composer in GitHub
AST based PHP Mutation Testing Framework
Infection - Mutation Testing framework Please read documentation here: infection.github.io Twitter: @infection_php Discord: https://discord.gg/ZUmyHTJ