A curated list of awesome PHP Security related resources.
List inspired by the awesome list thing.
Supported by: GuardRails.io
Web Framework Hardening
- Secure-Headers - Add security related headers to HTTP response.
Static Code Analysis
- phpcs-security-audit - phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code.
docker pull guardrails/phpcs-security-audit
- progpilot - A static analyzer for security purposes.
- Parse - The Parse scanner is a static scanning tool to review your PHP code for potential security-related issues.
Vulnerabilities and Security Advisories
- security-checker - PHP frontend for security.symfony.com.
docker pull guardrails/security-checker
- Symfony Security Monitoring - PHP security vulnerabilities monitoring.
- roave/security-advisories - Add this dependency to disallow known/vulnerable installation of packages directly through
- Security Advisories - A database of PHP security advisories.
- php-malware-detector - PHP malware detector
- DVWA - Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable.
- Insecure PHP Example - This is an example application built using Silex for routing to provide examples of SQL Injection, plain text passwords and XSS.
- Official PHP Security Manual
- Survive The Deep End: PHP Security
- Security Tips for a PHP Application
- Awesome-AppSec: PHP-Section
- The 2018 Guide to Building Secure PHP Software
- GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
- RIPS - RIPS is the leading security analysis solution for PHP
- Snyk - A developer-first solution that automates finding & fixing vulnerabilities in your dependencies.
- Sqreen - Automated security for your web apps - real time application security protection.
- Paragon Initiative Enterprises - PHP Security and Cryptography consultants, open source library publishers.
Found an awesome project, package, article, other type of resources related to PHP Security? Submit a pull request! Just follow the guidelines. Thank you!