Awesome

A curated list of awesome PHP Security related resources.

List inspired by the awesome list thing.

Supported by: GuardRails.io

Contents

• Tools
  • Web Framework Hardening
  • Static Code Analysis
  • Vulnerabilities and Security Advisories
• Educational
  • Hacking Playground
  • Guides
• Companies
• Contributing

Tools

Web Framework Hardening

• Snuffleupagus - Security mondule for PHP7/8, the successsor to suhosin.
• Secure-Headers - Add security related headers to HTTP response.

Static Code Analysis

• Enlightn - Enlightn is a static and dynamic analysis tool to improve the security of Laravel applications.
• Exakat - Exakat is a PHP static code analysis, with serious Security reviews.
• phpcs-security-audit - phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code.
  • docker pull guardrails/phpcs-security-audit
• progpilot - A static analyzer for security purposes.
• Parse - The Parse scanner is a static scanning tool to review your PHP code for potential security-related issues.
• SonarPHP from SonarQube - A static code analyser for PHP language used as an extension for the SonarQube platform (200+ rules, Supports up to PHP 8, Import of unit test and coverage results, Support of custom rules)
• Snyk Code PHP support (beta) and available in Snyk free tier

Vulnerabilities and Security Advisories

• security-checker - PHP frontend for security.symfony.com.
  • docker pull guardrails/security-checker
• Symfony Security Monitoring - PHP security vulnerabilities monitoring.
• roave/security-advisories - Add this dependency to disallow known/vulnerable installation of packages directly through composer update
• Security Advisories - A database of PHP security advisories.
• php-malware-detector - PHP malware detector
• Snyk Open Source - Package manager scanner with a free tier

Educational

Hacking Playground

• DVWA - Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable.
• Insecure PHP Example - This is an example application built using Silex for routing to provide examples of SQL Injection, plain text passwords and XSS.

Guides

• Official PHP Security Manual
• Survive The Deep End: PHP Security
• Security Tips for a PHP Application
• Awesome-AppSec: PHP-Section
• The 2018 Guide to Building Secure PHP Software

Companies

• GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
• RIPS - RIPS is the leading security analysis solution for PHP
• Snyk - A developer-first solution that automates finding & fixing vulnerabilities in your dependencies.
• Sqreen - Automated security for your web apps - real time application security protection.
• Paragon Initiative Enterprises - PHP Security and Cryptography consultants, open source library publishers.

Contributing

Found an awesome project, package, article, other type of resources related to PHP Security? Submit a pull request! Just follow the guidelines. Thank you!

Inspiration

This awesome list was inspired by awesome-nodejs-security and awesome-ruby-security.

License