PHP Security-testing Resources

psalm-plugin-drupal A Drupal integration for Psalm focused on security scanning (SAST) taint analysis. Features Stubs for sinks, sources, and sanitize

Flowder Flowder is a (really) simple fixture loader for PHP 7.3+, supporting SQLite and MySQL. Using Flowder in PHP 7.2 or below? Try version 1 instea

Based on Sam Thomas' findings concerning insecure deserialization in combination with obfuscation strategies allowing to hide Phar files inside valid image resources, the TYPO3 project decided back then to introduce a PharStreamWrapper to intercept invocations of the phar:// stream in PHP and only allow usage for defined locations in the file system.

Current version: 1.3.5 PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted a

Mocks, stubs, and spies for PHP. Installation Available as various Composer packages, depending on the test framework in use: For Kahlan, use eloquent

Laravel Async Testing this package can help you to test race condition in Laravel Feature Test Requirements Laravel versions 5.7, 6.x, 7.x and 8.x PHP

⛽ Octane Testbench Set of utilities to test Laravel applications powered by Octane. Install Via Composer: composer require --dev cerbero/octane-testbe

Laravel Qcloud Content Security T-Sec 天御内容安全服务使用了深度学习技术，识别文本/图片中出现的可能令人反感、不安全或不适宜内容，支持用户配置词库/图片黑名单，识别自定义的识别类型。

⛽ Laravel Octane (Pest Plugin) Pest plugin to test Laravel applications powered by Octane. Install Via Composer composer require --dev cerbero/pest-pl

JBZoo / CI-Report-Converter Why? Installing Using as GitHub Action Example GitHub Action workflow Available Directions Help description in terminal Co

anik/testbench-lumen is a package, highly inspired by the orchestral/testbench. orchestral/testbench that is a tool for testing Laravel packages.

WordPress static site generator for security, performance and cost benefits

User Switching Stable tag: 1.5.7 Requires at least: 3.7 Tested up to: 5.7 Requires PHP: 5.3 License: GPL v2 or later Tags: users, profiles, user switc

Secure Headers Add security related headers to HTTP response. The package includes Service Providers for easy Laravel integration. Version Installatio

Laravel Ban Introduction Laravel Ban simplify management of Eloquent model's ban. Make any model bannable in a minutes! Use case is not limited to Use

Captcha for Laravel 5/6/7 A simple Laravel 5/6 service provider for including the Captcha for Laravel. for Laravel 4 Captcha for Laravel Laravel 4 Pre

Bouncer Bouncer is an elegant, framework-agnostic approach to managing roles and abilities for any app using Eloquent models. Table of Contents Click

A mail driver to quickly preview mail This package can display a small overlay whenever a mail is sent. The overlay contains a link to the mail that w

About SecLists SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected i

Matomo (formerly Piwik) - matomo.org Code Status Description Matomo is the leading Free/Libre open analytics platform. Matomo is a full-featured PHP M

Enhance PHP A unit testing framework with mocks and stubs. Built for PHP, in PHP! Quick Start: Just add EnhanceTestFramework.php and you are ready to

Captcha Installation With composer : { ... "require": { "gregwar/captcha": "1.*" } } Usage You can create a captcha with the Captc

Blackfire Player Blackfire Player is a powerful Web Crawling, Web Testing, and Web Scraper application. It provides a nice DSL to crawl HTTP services,

Psalm Psalm is a static analysis tool for finding errors in PHP applications. Installation To get started, check out the installation guide. Live Demo

PHP Compatibility Coding Standard for PHP CodeSniffer This is a set of sniffs for PHP CodeSniffer that checks for PHP cross-version compatibility. It

Easy to use architecture testing tool for PHP Introduction 📜 PHP Architecture Tester is a static analysis tool to verify architectural requirements.

vfsStream vfsStream is a stream wrapper for a virtual file system that may be helpful in unit tests to mock the real file system. It can be used with

PHPUnit PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks. Installat

BDD test framework for PHP, inspired by Jasmine and RSpec. Features a familiar syntax, and a watch command to automatically re-run specs during develo

The highly extensible, highly enjoyable, PHP testing framework. Read more at peridot-php.github.io or head over to the wiki. Building PHAR Peridot's p

ParaTest The objective of ParaTest is to support parallel testing in PHPUnit. Provided you have well-written PHPUnit tests, you can drop paratest in y

Mockery Mockery is a simple yet flexible PHP mock object framework for use in unit testing with PHPUnit, PHPSpec or any other testing framework. Its c

Infection - Mutation Testing framework Please read documentation here: infection.github.io Twitter: @infection_php Discord: https://discord.gg/ZUmyHTJ

Codeception Modern PHP Testing for everyone Codeception is a modern full-stack testing framework for PHP. Inspired by BDD, it provides an absolutely n

atoum PHP version atoum version 5.3 - 5.6 1.x - 3.x 7.2 - 8.x 4.x (current) A simple, modern and intuitive unit testing framework for PHP! Just lik

A browser testing and web scraping library for PHP and Symfony Panther is a convenient standalone library to scrape websites and to run end-to-end tes

Latte: amazing template engine for PHP Introduction Latte is a template engine for PHP which eases your work and ensures the output is protected again

SecurityMultiTool A multitool library offering access to recommended security related libraries, standardised implementations of security defences, an

What is CIDRAM? CIDRAM (Classless Inter-Domain Routing Access Manager) is a PHP script designed to protect websites by blocking requests originating f

scheb/two-factor-bundle ⚠ Outdated version. Please use versions ≥ 5 from scheb/2fa. This bundle provides two-factor authentication for your Symfony ap

PHPIDS PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web ap

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Scanner for PHP.ini The Iniscan is a tool designed to scan the given php.ini file for common security practices and report back results. Currently it

PHP Security Advisories Database The PHP Security Advisories Database references known security vulnerabilities in various PHP projects and libraries.

OWASP ZAP The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated internatio

CakePHP Utility Classes This library provides a range of utility classes that are used throughout the CakePHP framework What's in the toolbox? Hash A

Full Documentation at guzzler.dev Supercharge your app or SDK with a testing library specifically for Guzzle. Guzzler covers the process of setting up

This is a port of the VCR Ruby library to PHP. Record your test suite's HTTP interactions and replay them during future test runs for fast, determinis

ReactPHP Promises Testing A library that provides a set of convenient assertions for testing ReactPHP promises. Under the hood uses clue/php-block-rea

DMS Filter Component This library provides a service that can be used to filter object values based on annotations Install Use composer to add DMS\Fil

What is phpMussel? An ideal solution for shared hosting environments, where it's often not possible to utilise or install conventional anti-virus prot

Broadway Broadway is a project providing infrastructure and testing helpers for creating CQRS and event sourced applications. Broadway tries hard to n

PHPBench is a benchmark runner for PHP analogous to PHPUnit but for performance rather than correctness. Features include: Revolutions: Repeat your co

Sismo: Your Continuous Testing Server Sismo is a Continuous Testing Server written in PHP. Unlike more "advanced" Continuous Integration Servers (like

PHP Censor is an open source, self-hosted, continuous integration server for PHP projects (PHPCI fork). Official twitter @php_censor. PHP Censor versi

PHPStan - PHP Static Analysis Tool PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even b

PHP Noise A starter-kit for your PHP project. It includes frequently needed boilerplate setups (ci, badges, etc.) 📦 Installation To install this appl

PHP library for Two Factor Authentication PHP library for two-factor (or multi-factor) authentication using TOTP and QR-codes. Inspired by, based on b

Lock - Acl for PHP 5.4+ I'm sad to say that Lock is currently not maintained. I won't be able to offer support or accept new contributions for the cur

Sentinel Sentinel is a PHP 7.3+ framework agnostic fully-featured authentication & authorization system. It also provides additional features such as