Skip to content

guardrailsio/awesome-php-security

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
Sep 22, 2021

A curated list of awesome PHP Security related resources.

Awesome

List inspired by the awesome list thing.

Supported by: GuardRails.io

Contents

Tools

Web Framework Hardening

Static Code Analysis

  • Enlightn - Enlightn is a static and dynamic analysis tool to improve the security of Laravel applications.
  • Exakat - Exakat is a PHP static code analysis, with serious Security reviews.
  • phpcs-security-audit - phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code.
    • docker pull guardrails/phpcs-security-audit
  • progpilot - A static analyzer for security purposes.
  • Parse - The Parse scanner is a static scanning tool to review your PHP code for potential security-related issues.
  • SonarPHP from SonarQube - A static code analyser for PHP language used as an extension for the SonarQube platform (200+ rules, Supports up to PHP 8, Import of unit test and coverage results, Support of custom rules)
  • Snyk Code PHP support (beta) and available in Snyk free tier

Vulnerabilities and Security Advisories

Educational

Hacking Playground

  • DVWA - Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable.
  • Insecure PHP Example - This is an example application built using Silex for routing to provide examples of SQL Injection, plain text passwords and XSS.

Guides

Companies

  • GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
  • RIPS - RIPS is the leading security analysis solution for PHP
  • Snyk - A developer-first solution that automates finding & fixing vulnerabilities in your dependencies.
  • Sqreen - Automated security for your web apps - real time application security protection.
  • Paragon Initiative Enterprises - PHP Security and Cryptography consultants, open source library publishers.

Contributing

Found an awesome project, package, article, other type of resources related to PHP Security? Submit a pull request! Just follow the guidelines. Thank you!

Inspiration

This awesome list was inspired by awesome-nodejs-security and awesome-ruby-security.

License

CC0

About

Awesome PHP Security Resources πŸ•ΆπŸ˜πŸ”

Topics

Resources

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published