guardrailsio / Awesome Php Security
Awesome PHP Security Resources đśđđ
Stars: â 666
Projects that are alternatives of or similar to Awesome Php Security
Containerssh
ContainerSSH: Launch containers on demand
Stars: â 195 (-70.72%)
Mutual labels: security-tools, devsecops
Openrasp Iast
IAST ç°çćŤć塼ĺ
ˇ
Stars: â 253 (-62.01%)
Mutual labels: security-tools, devsecops
Gg Shield Action
GitGuardian Shield GitHub Action - Find exposed credentials in your commits
Stars: â 248 (-62.76%)
Mutual labels: security-tools, devsecops
Bulwark
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
Stars: â 113 (-83.03%)
Mutual labels: security-tools, application-security
Prowler
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: â 4,561 (+584.83%)
Mutual labels: security-tools, devsecops
Terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Stars: â 2,687 (+303.45%)
Mutual labels: security-tools, devsecops
vimana-framework
Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.
Stars: â 47 (-92.94%)
Mutual labels: application-security, devsecops
Trivy
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
Stars: â 9,673 (+1352.4%)
Mutual labels: security-tools, devsecops
Whatweb
Next generation web scanner
Stars: â 3,503 (+425.98%)
Mutual labels: security-tools, application-security
Securecodebox
secureCodeBox (SCB) - continuous secure delivery out of the box
Stars: â 279 (-58.11%)
Mutual labels: security-tools, devsecops
Kube Scan
kube-scan: Octarine k8s cluster risk assessment tool
Stars: â 566 (-15.02%)
Mutual labels: security-tools, devsecops
Taipan
Web application vulnerability scanner
Stars: â 359 (-46.1%)
Mutual labels: security-tools, application-security
Content
Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats
Stars: â 1,219 (+83.03%)
Mutual labels: security-tools, application-security
Njsscan
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Stars: â 128 (-80.78%)
Mutual labels: security-tools, devsecops
Purify
All-in-one tool for managing vulnerability reports from AppSec pipelines
Stars: â 72 (-89.19%)
Mutual labels: security-tools, devsecops
kdt
CLI to interact with Kondukto
Stars: â 18 (-97.3%)
Mutual labels: application-security, devsecops
Gg Shield
Detect secret in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.
Stars: â 708 (+6.31%)
Mutual labels: security-tools, devsecops
Ossa
Open-Source Security Architecture | ĺźćşĺŽĺ
¨ćść
Stars: â 796 (+19.52%)
Mutual labels: security-tools, application-security
Application Security Engineer Interview Questions
Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer
Stars: â 267 (-59.91%)
Mutual labels: devsecops, application-security
Watchdog
Watchdog - A Comprehensive Security Scanning and a Vulnerability Management Tool.
Stars: â 345 (-48.2%)
Mutual labels: security-tools, application-security
A curated list of awesome PHP Security related resources.
List inspired by the awesome list thing.
Supported by: GuardRails.io
Contents
Tools
Web Framework Hardening
- Secure-Headers - Add security related headers to HTTP response.
Static Code Analysis
- Exakat - Exakat is a PHP static code analysis, with serious Security reviews.
-
phpcs-security-audit - phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code.
docker pull guardrails/phpcs-security-audit
- progpilot - A static analyzer for security purposes.
- Parse - The Parse scanner is a static scanning tool to review your PHP code for potential security-related issues.
Vulnerabilities and Security Advisories
-
security-checker - PHP frontend for security.symfony.com.
docker pull guardrails/security-checker
- Symfony Security Monitoring - PHP security vulnerabilities monitoring.
-
roave/security-advisories - Add this dependency to disallow known/vulnerable installation of packages directly through
composer update - Security Advisories - A database of PHP security advisories.
- php-malware-detector - PHP malware detector
Educational
Hacking Playground
- DVWA - Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable.
- Insecure PHP Example - This is an example application built using Silex for routing to provide examples of SQL Injection, plain text passwords and XSS.
Guides
- Official PHP Security Manual
- Survive The Deep End: PHP Security
- Security Tips for a PHP Application
- Awesome-AppSec: PHP-Section
- The 2018 Guide to Building Secure PHP Software
Companies
- GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
- RIPS - RIPS is the leading security analysis solution for PHP
- Snyk - A developer-first solution that automates finding & fixing vulnerabilities in your dependencies.
- Sqreen - Automated security for your web apps - real time application security protection.
- Paragon Initiative Enterprises - PHP Security and Cryptography consultants, open source library publishers.
Contributing
Found an awesome project, package, article, other type of resources related to PHP Security? Submit a pull request! Just follow the guidelines. Thank you!
Inspiration
This awesome list was inspired by awesome-nodejs-security and awesome-ruby-security.
License
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].