260 Repositories
PHP security-testing Libraries
Testbench Component is the de-facto package that has been designed to help you write tests for your Laravel package
Laravel Testing Helper for Packages Development Testbench Component is the de-facto package that has been designed to help you write tests for your La
Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campbell/security-core
Laravel Security Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campb
A simple way to know if you are on the list of major security breaches like "HIBP", but it is specific for Iran.
Leakfa.com A simple way to know if you are on the list of major security breaches like "HIBP", but it is specific for Iran. Service content This produ
Infrastructure and testing helpers for creating CQRS and event sourced applications.
Broadway is a project providing infrastructure and testing helpers for creating CQRS and event sourced applications. Broadway tries hard to not get in your way.
FalconOne Lite is an Open Source solution deployed and updated on a daily basis to help prevent terror and crime globally
FalconOne Lite is an Open Source solution deployed and updated on a daily basis to help prevent terror and crime globally. By using advanced tools, functions and stealth strategies, FalconOne community is focused on making a friendly and fast solution for effective results.
Library that offers Input Filtering based on Annotations for use with Objects. Check out 2.dev for 2.0 pre-release.
DMS Filter Component This library provides a service that can be used to filter object values based on annotations Install Use composer to add DMS\Fil
List of Magento extensions with known security issues.
Magento Vulnerability Database List of Magento 1 and 2 integrations with known security issues. Objective: easily identify insecure 3rd party software
「🌎」Web Exploration Laboratory
「 🌎 」About Web Exploration Laboratory The Web Exploration Laboratory (WEL) is a project created for people just entering the information security bus
A Magento community sourced security pre-flight checklist.
Magento Security Checklist This is a community sourced checklist of security measures to take before launching your store. Think of it as a pre-flight
Mock implementation of the Translation package, for testing with PHPUnit
PoP Translation - Mock Mock implementation of the Translation package, for testing with PHPUnit Install Via Composer composer require getpop/translati
Trait for Laravel testing to count/assert about database queries
counts_database_queries Trait for Laravel testing to count/assert about database queries Installing composer require ohffs/counts-database-queries-tra
A htaccess boilerplate for all Magento Community installations. Features focus on speed, SEO and security.
magento-htaccess A htaccess boilerplate for all Magento Community installations. Features focus on speed, SEO and security. The file should be placed
Allows Admins to quickly login as any user in the system during development/testing
SilverStripe User Switcher The module adds a small form both in the frontend to quickly login as any user in the system. The intended use is in testin
Harden request headers, login interface and passwords to increase backend security.
JvMTECH.NeosHardening Package for Neos CMS Harden request headers, login interface and passwords to increase backend security. Installation composer r
A curated list of resources for learning about application security
Awesome AppSec A curated list of resources for learning about application security. Contains books, websites, blog posts, and self-assessment quizzes.
Your performance & security consultant, an artisan command away.
Enlightn A Laravel Tool To Boost Your App's Performance & Security Introduction Think of Enlightn as your performance and security consultant. Enlight
This package helps you to associate users with permissions and permission groups with the Laravel framework
Laravel ACL This package allows you to manage user permissions and groups in a database, and is compatible with Laravel v5.8 or higher. Please check t
Very simple mock HTTP Server for testing Restful API, running via Docker.
httpdock Very simple mock HTTP Server for testing Restful API, running via Docker. Start Server Starting this server via command: docker run -ti -d -p
Laravel package for a Game of Tests
Game of Tests laravel This package aims to enable a quick implementation of a Game of Tests in Laravel. It uses the package swisnl/game-of-tests and g
PHP Mocking Framework
Phake Phake is a framework for PHP that aims to provide mock objects, test doubles and method stubs. Phake was inspired by a lack of flexibility and e
PHPUnit extension for database interaction testing.
This extension is no longer maintained DbUnit PHPUnit extension for database interaction testing. Installation Composer If you use Composer to manage
PHP libraries that makes Selenium WebDriver + PHPUnit functional testing easy and robust
Steward: easy and robust testing with Selenium WebDriver + PHPUnit Steward is a set of libraries made to simplify writing and running robust functiona
A laboratory for learning secure web and mobile development in a practical manner.
A laboratory for learning secure web and mobile development in a practical manner. Build your lab By provisioning local environments via docker-compos
Collection of scripts, thoughts about CSP (Content Security Policy)
CSP useful, a collection of scripts, thoughts about CSP I'm testing and using CSP (Content Security Policy), and here are some thoughts, resources, sc
A PHP dependency vulnerabilities scanner based on the Security Advisories Database.
Enlightn Security Checker The Enlightn Security Checker is a command line tool that checks if your application uses dependencies with known security v
SЁCU is a public API to store self-destructing data payloads with url shortener and handle anonymous chat-rooms.
SЁCU Introduction SЁCU is a public API to store self-destructing data payloads. This repository includes only backend part using Laravel framework. Fr
Csrf Component provides Cross Site Request Forgery protection by comparing provided token with session token to ensure request validity.
Csrf Component Csrf Component provides Cross Site Request Forgery protection by comparing provided token with session token to ensure request validity
Serialize and deserialize PHP structures to a variety of representations
laminas-serializer This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical St
Pest is an elegant PHP Testing Framework with a focus on simplicity
Pest is an elegant PHP Testing Framework with a focus on simplicity. It was carefully crafted to bring the joy of testing to PHP. Explore the docs: pe
A kernel designed to run one and only one application in a virtualized environment
nanos Nanos is a new kernel designed to run one and only one application in a virtualized environment. It has several constraints on it compared to a
Docker images for Cyber_Security hackathon 2021.
This repository contains a set of vulnerable Docker images for attacking the container environment compiled for Cyber_Security hackathon 2021. Require
WPBruiser {no- Captcha anti-Spam} (forked, updated)
=== WPBruiser {no- Captcha anti-Spam} === Contributors: mihche, knutsp Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_
A testing package for intercepting mail sent from Laravel
Laravel Mail Intercept A testing package for intercepting mail sent from Laravel This testing suite intercepts Laravel Mail just before they are sent
Matomo is the leading Free/Libre open analytics platform.
Matomo (formerly Piwik) - matomo.org Code Status Description Matomo is the leading Free/Libre open analytics platform. Matomo is a full-featured PHP M
Security advisories as a simple composer exclusion list, updated daily
Roave Security Advisories This package ensures that your application doesn't have installed dependencies with known security vulnerabilities. Installa
PHP frontend for security.symfony.com
SensioLabs Security Checker WARNING: Don't use this piece of software anymore as the underlying web service will stop working at the end of January 20
PHP Secure Headers
Secure Headers Add security related headers to HTTP response. The package includes Service Providers for easy Laravel integration. Version Installatio
Parse: A Static Security Scanner
Parse: A PHP Security Scanner PLEASE NOTE: This tool is still in a very early stage. The work continues... The Parse scanner is a static scanning tool
A static analysis tool for security
progpilot A static analyzer for security purposes Only PHP language is currently supported Installation Option 1: use standalone phar Download the lat
phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code
phpcs-security-audit v3 About phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in
A video course for laravel artisan to learn creating API using testing
About Laravel Laravel is a web application framework with expressive, elegant syntax. We believe development must be an enjoyable and creative experie
GitHub repository dedicated for my YT tutorial which shows how to use testing in Laravel
Testing in Laravel The following documentation is based on my Laravel Testing for Beginners tutorial we’re going to cover the basics of unit tests, fe
Static testing tool for psalm plugins
Psalm test Static testing tool for psalm plugins. Installation $ composer require --dev klimick/psalm-test $ vendor/bin/psalm-plugin enable klimick/ps
Fearless refactoring, it does a lot of smart checks to find certain errors.
Find Bugs Before They Bite Built with ❤️ for lazy laravel developers ;) Why repeat the old errors, if there are so many new errors to commit. (Bertran
🏭This package lets you create factory classes for your Laravel project.
Laravel Factories Reloaded 🏭 This package generates class-based model factories, which you can use instead of the ones provided by Laravel. Laravel 8
A drop in fake logger for testing with the Laravel framework.
Log fake for Laravel A bunch of Laravel facades / services are able to be faked, such as the Dispatcher with Bus::fake(), to help with testing and ass
HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.
TYPO3 HTML Sanitizer ℹ️ Common safe HTML tags & attributes as given in \TYPO3\HtmlSanitizer\Builder\CommonBuilder still might be adjusted, extended or
Adds factory functions for WooCommerce to be used with wp-browser integration tests.
wp-browser-woocommerce This library simplifies testing of WooCommerce themes and plugins with wp-browser. Several Unit Test Factories are added that a
Exploiting and fixing security vulnerabilities of an old version of E-Class. Project implemented as part of the class YS13 Cyber-Security.
Open eClass 2.3 Development of XSS, CSRF, SQLi, RFI attacks/defences of an older, vulnerable version of eclass. Project implemented as part of the clas
Windows and macOS Hardening Interface to make security more accessible.
Welcome to the Hardening Interface Introduction To use HardeningKitty service more easily, we have created an interface which permits better understan
Here are few exercises to practice how to implement API Security with NGINX App-Protect WAF.
api-security-lab This repo contains files for customers and partners to practice an API Security with NGINX App-Protect WAF. To demonstrate the capabi
Client for the Tenant Security Proxy in PHP
Tenant Security Client PHP Library A PHP client for implementing CMK within a vendor's infrastructure. Makes requests through an IronCore Tenant Secur
EzPz Tweaks is an all-in-one WordPress plugin that helps you personalize the admin panel appearances
EzPz Tweaks is an all-in-one WordPress plugin that helps you personalize the admin panel appearances, clean your site code and remove unwanted features to increase its security and improve performance.
PASETO: Platform-Agnostic Security Tokens
PASETO: Platform-Agnostic Security Tokens Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague
This system will provide security and comfortable opportunities to protect your gaming account.
VK Security – Auth system VK Security provides the ability to use game authorization inside in conjunction with the official VKontakte groups. Conveni
A Pest plugin for WordPress
WordPress Pest Plugin Supports integrating Pest with your WordPress code base through the Mantle Framework. Read about the Mantle Testing Framework he
Php Security Class
Security Advanced Security Class for Php Features Secure From XSS, CSRF, SQL Injection, BASE64, RFI, LFI, Command Injection, Block Suspicious Request
A fake mailer for Laravel Applications for testing mail.
MailThief MailThief is a fake mailer for Laravel applications (5.0+) that makes it easy to test mail without actually sending any emails. Note: Due to
A full-featured Webpack + vue-loader setup with hot reload, linting, testing & css extraction.
#Vue-Cli Template for Laravel + Webpack + Hotreload (HMR) I had a really tough time getting my workflow rocking between Laravel and VueJS projects. I f
FunboxEasy - Proving Grounds - Offensive Security
To run time/IO related unit tests (e.g., sleep function calls, database queries, API calls, etc) faster using Swoole.
User registration and login form with validations and escapes for total security made with PHP.
Login and Sign Up with PHP User registration and login form with validations and escapes for total security made with PHP. Validations Required fields
Example of using abrouter/abrouter-laravel-bridge in Laravel
ABRouter Laravel Example It's an example of using (ABRouter Laravel Client)[https://github.com/abrouter/abrouter-laravel-bridge] Set up locally First o
A collection of helper methods for testing and debugging API endpoints.
Laravel API Test Helpers This is a collection of helper methods for testing and debugging API endpoints. Installation You can install the package via
A mail driver to quickly preview mail
A mail driver to quickly preview mail This package can display a small overlay whenever a mail is sent. The overlay contains a link to the mail that w
Demo of automated testing use cases for the 2022 nationals
Automated tests at the 2022 national finals API testing (Module C2) For module C2, the API specifications will be provided in the specificat
Magic Test allows you to write browser tests by simply clicking around on the application being tested, all without the slowness of constantly restarting the testing environment.
Magic Test for Laravel Magic Test allows you to write browser tests by simply clicking around on the application being tested, all without the slownes
Package for unit testing Laravel form request classes
Package for unit testing Laravel form request classes. Why Colin DeCarlo gave a talk on Laracon online 21 about unit testing Laravel form requests cla
Added Laravel functionality to Enlightn Security Checker.
Added Laravel functionality to Enlightn Security Checker. Adds a command to check for, and optionally emails you, vulnerabilities when they affect you.
Create and validate signed URLs with a limited lifetime
THIS PACKAGE IS NOT MAINTAINED ANYMORE. SIGNING URLS IS NOW PART OF LARAVEL: https://laravel-news.com/signed-routes Create secured URLs with a limited
A library for property-based policy evaluation
PropAuth: Property-based policy evaluation Performing evaluations on credentials for authentication or sets of permissions on users has its limitation
🔒 Laravel validation rule that checks if a password has been exposed in a data breach.
🔒 Laravel Password Exposed Validation Rule This package provides a Laravel validation rule that checks if a password has been exposed in a data breac
Enables various website headers to configure security measures and optimizations.
HTTP-Header Enables various website headers to configure security measures and optimizations. Note that not all He
Codeception DB module addon for populate database
Database Populator for Codeception DB Module Codeception DB module addon that helps you to tune database populations. So for a test you could load onl
Security Defense for Firebase's PHP-JWT Library
PHP-JWT-Guard Protect your code from being impacted by issue 351 in firebase/php-jwt. Installation First, install this library with Composer: composer
Record created by, updated by and deleted by on Eloquent models automatically.
quarks/laravel-auditors Record created by, updated by and deleted by (if SoftDeletes added) on Eloquent models automatically. Installation composer re
Real-world Project to learning about Unit Testing/TDD with Laravel for everybody
KivaNote - a Laravel TDD Sample Project Let me introduce you to KivaNote, a simple real-world application using Laravel to show you how the TDD & Unit
Sodium Compat is a pure PHP polyfill for the Sodium cryptography library (libsodium)
Sodium Compat is a pure PHP polyfill for the Sodium cryptography library (libsodium), a core extension in PHP 7.2.0+ and otherwise available in PECL.
Certainty - CA-Cert Automation for PHP Projects
Certainty - CA-Cert Automation for PHP Projects Automate your PHP projects' cacert.pem management. Read the blog post introducing Certainty. Requires
Public append-only ledger microservice built with Slim Framework
Chronicle is a self-hostable microservice, built with Slim Framework, which enables authorized users to commit arbitrary data to an immutable, append-only public ledger.
Web Application Firewall (WAF) package for Laravel
Web Application Firewall (WAF) package for Laravel This package intends to protect your Laravel app from different type of attacks such as XSS, SQLi,
Full stack shop app with Symfony
A progressive PHP framework for building efficient and scalable server-side applications. Description A fullstack shop app with Symfony framework and
Laravel Security Notifications
This package adds security notifications to warn your users when significant security events occur so that they aren't the next victim of an attacker.
Next generation phpDoc parser with support for intersection types and generics.
PHPDoc-Parser for PHPStan PHPStan Next generation phpDoc parser with support for intersection types and generics. Code of Conduct This project adheres
Security, performance, marketing, and design tools — Jetpack is made by WordPress experts to make WP sites safer and faster, and help you grow your traffic.
Jetpack Monorepo This is the Jetpack Monorepo. It contains source code for the Jetpack plugin, the Jetpack composer packages, and other things. How to
Laravel Dusk provides simple end-to-end testing and browser automation.
Introduction Laravel Dusk provides an expressive, easy-to-use browser automation and testing API. By default, Dusk does not require you to install JDK
Few additional testing assertions for Laravel views
Laravel View Test Assertions Few additional assertions for testing Laravel views. Why Laravel has well established and documented way of testing reque
An authorization library that supports access control models like ACL, RBAC, ABAC in PHP.
PHP-Casbin Documentation | Tutorials | Extensions Breaking News: Laravel-authz is now available, an authorization library for the Laravel framework. P
A package that allows secure communication between two or more projects, focused mainly for use in microservices architectures, adding the Oauth2 authorization standard in addition to security at the network level by IP addresses and whitelists, which may already be owned.
OAuth2 between Laravel projects A package that allows secure communication between two or more projects, focused mainly for use in microservices archi
JObfuscator — Java Source Code Obfuscation & Protection
JObfuscator is a source code obfuscator for the Java programming language. It can protect your Java source code and algorithms from hacking, cracking, reverse engineering, decompilation, and technology theft.
This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.
Docker Tutorials and Labs At this time we are not actively adding labs to this repository. Our focus is on training.play-with-docker.com where new lab
Unit testing tips by examples in PHP
Unit testing tips by examples in PHP Introduction In these times, the benefits of writing unit tests are huge. I think that most of the recently start
Learn Cookies and Tokens Security in Practice.
The full article is posted on my blog. The video presentation is shared here. The presentation slides are shared here. The exploit codes are shared he
Learn how to set up a fake authentication web page on a fake WiFi network.
Evil Twin - Mark VII Learn how to set up a fake authentication web page on a fake WiFi network. Read the comments in these two files to get a better u
A Pest plugin to control the flow of time
This Pest plugin offers a function testTime that allows you to freeze and manipulate the current time in your tests.
Hackigniter is a vulnerable web application coded on PHP CodeIgniter. The vulnerabilities in the application were prepared to resemble those most frequently found during penetration tests.
hackigniter About: Hackigniter is a vulnerable web application coded on PHP CodeIgniter. The vulnerabilities in the application, penetration tes
Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials.
Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. It is inspired by the Java Spring framework.
YAPS - Yet Another PHP Shell
YAPS - Yet Another PHP Shell Yeah, I know, I know... But that's it. =) As the name reveals, this is yet another PHP reverse shell, one more among hund
Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. It is inspired by the Java Spring framework.
Security Component - Core Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the
This tool can help you to see the real IP behind CloudFlare protected websites.
CrimeFlare Bypass Hostname A tool to see the real IP behind websites that are protected by CloudFlare. Introduction This tool serves to perfor