safelity

Secure programming library for PHP, written as a proof of concept by Eldar "Wireghoul" Marcussen - http://www.justanotherhacker.com. Developed as part of my presentation at GIDS on codified security.

Concept

The idea was to write a library that allows developers to write secure code in a way that is similar to how they would write code otherwise. This library ensures that the code only executes the intended functionality without the need for input validation or encoding of special characters. In order to achieve this, some limitations were introduced. The following requirements/objectives were set:

  • PHP
  • Linux
  • Web based usage
  • Small adjustment for developers
  • No need for input validation
  • Auditable

PoC

Security claims should not be made lightly, so a challenge to hack the library was made public on the internet. While the challenge is no longer hosted, example scripts are provided in the poc/ directory and you can try to hack them yourself:

cd poc/
php -S 0:8000

The challenge files are now accessible via http://localhost:8000/ in your browser.

Usage of the library can also be audited by running ./audit.sh <directory> from the command line.

Inspiration

This library was inspired by a number of posts/opinions, but the following deserve a special mention:
