polyscripted-php

For a demo of a polyscripted website go to: https://github.com/polyverse/dvwa

Polyscripting is a cybersecurity security technique used to stop code injection attacks. It is based on Moving Target Defense approaches (see http://web.mit.edu/br26972/www/pubs/mt_survey.pdf ) which work by increasing the costs for adversaries to successfully attack a system.

Before Polyscripting, any script injection bug (e.g. an unguarded 'eval') would be exploitable across all instances of the script--in the case of PHP, literally billions of computers. In effect, current systems are "break once, run everywhere". By creating unique PHP languages on the fly for every PHP instance, it becomes extremely difficult for attackers build attacks that can work across every machine--"break once, run once".

overview

https://blog.polyverse.io/introducing-polyscripting-the-beginning-of-the-end-of-code-injection-fe0c99d6f199

tutorial

https://github.com/polyverse/polyscripted-php/blob/master/Ps-PlaygroundReadMe.md

Name	Latest commit message	Commit time
Failed to load latest commit information.
images	added additional images	Jan 15, 2019
scripts
.DS_Store
.gitignore
Dockerfile	simplified phar compilation	Nov 29, 2018
Dockerfile.built
LICENSE	Added license	Aug 1, 2018
Ps-PlaygroundReadMe.md	Update Ps-PlaygroundReadMe.md	Aug 23, 2018
README.md
RoadMap.md	Update RoadMap.md	Aug 22, 2018

polyverse/polyscripted-php

Join GitHub today

Clone with HTTPS

Downloading...

Launching GitHub Desktop...

Launching GitHub Desktop...

Launching Xcode...

Launching Visual Studio...

README.md

polyscripted-php

overview

tutorial