{"id":26740011,"url":"https://github.com/aw-junaid/php-web-security","last_synced_at":"2025-04-14T16:05:47.799Z","repository":{"id":277576626,"uuid":"932864493","full_name":"aw-junaid/PHP-Web-Security","owner":"aw-junaid","description":"Secure PHP web apps with best practices: SQLi prevention, XSS protection, CSRF tokens, password hashing, and secure session management.","archived":false,"fork":false,"pushed_at":"2025-03-04T13:09:28.000Z","size":21,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-04T14:22:56.256Z","etag":null,"topics":["hacking","hacking-tool","php","xss","xss-exploitation","xss-vulnerability"],"latest_commit_sha":null,"homepage":"https://awjunaid.com","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aw-junaid.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-02-14T16:57:45.000Z","updated_at":"2025-03-04T13:10:13.000Z","dependencies_parsed_at":"2025-02-14T18:29:15.770Z","dependency_job_id":null,"html_url":"https://github.com/aw-junaid/PHP-Web-Security","commit_stats":null,"previous_names":["aw-junaid/php-web-security"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aw-junaid%2FPHP-Web-Security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aw-junaid%2FPHP-Web-Security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aw-junaid%2FPHP-Web-Security/releases","manifests_url":
"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aw-junaid%2FPHP-Web-Security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aw-junaid","download_url":"https://codeload.github.com/aw-junaid/PHP-Web-Security/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245972667,"owners_count":20702721,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacking","hacking-tool","php","xss","xss-exploitation","xss-vulnerability"],"created_at":"2025-03-28T04:48:45.949Z","updated_at":"2025-03-28T04:48:46.672Z","avatar_url":"https://github.com/aw-junaid.png","language":null,"funding_links":["https://buymeacoffee.com/awjunaid"],"categories":[],"sub_categories":[],"readme":"# PHP-Web-Security\n\u003cimg align=\"\" src=\"https://github.com/aw-junaid/aw-junaid/blob/main/Assets/asset5.webp\" width=\"1000\" height=\"150\" alt=\"awjunaid\"\u003e\n\n![GitHub commit activity](https://img.shields.io/github/commit-activity/t/aw-junaid/PHP-Web-Security)\n![GitHub contributors](https://img.shields.io/github/contributors/aw-junaid/PHP-Web-Security)\n![GitHub repo size](https://img.shields.io/github/repo-size/aw-junaid/PHP-Web-Security)\n\n# Contact With Me:\n\n\n  \u003ca href=\"https://www.youtube.com/@awjunaid/featured\" target=\"_blank\"\u003e\n    \u003cimg src=\"https://img.shields.io/static/v1?message=Youtube\u0026logo=youtube\u0026label=\u0026color=FF0000\u0026logoColor=white\u0026labelColor=\u0026style=for-the-badge\" height=\"27\" alt=\"youtube logo\"  /\u003e\n  \u003c/a\u003e\n  \u003ca 
href=\"https://www.instagram.com/awjunaid_\" target=\"_blank\"\u003e\n    \u003cimg src=\"https://img.shields.io/static/v1?message=Instagram\u0026logo=instagram\u0026label=\u0026color=E4405F\u0026logoColor=white\u0026labelColor=\u0026style=for-the-badge\" height=\"27\" alt=\"instagram logo\"  /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://www.twitch.tv/awjunaid\" target=\"_blank\"\u003e\n    \u003cimg src=\"https://img.shields.io/static/v1?message=Twitch\u0026logo=twitch\u0026label=\u0026color=9146FF\u0026logoColor=white\u0026labelColor=\u0026style=for-the-badge\" height=\"27\" alt=\"twitch logo\"  /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"mailto:abdulwahabjunaid07@gmail.com\" target=\"_blank\"\u003e\n    \u003cimg src=\"https://img.shields.io/static/v1?message=Gmail\u0026logo=gmail\u0026label=\u0026color=D14836\u0026logoColor=white\u0026labelColor=\u0026style=for-the-badge\" height=\"27\" alt=\"gmail logo\"  /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://www.linkedin.com/in/aw-junaid\" target=\"_blank\"\u003e\n    \u003cimg src=\"https://img.shields.io/static/v1?message=LinkedIn\u0026logo=linkedin\u0026label=\u0026color=0077B5\u0026logoColor=white\u0026labelColor=\u0026style=for-the-badge\" height=\"27\" alt=\"linkedin logo\"  /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://twitter.com/awjunaid_\" target=\"_blank\"\u003e\n    \u003cimg src=\"https://img.shields.io/static/v1?message=Twitter\u0026logo=twitter\u0026label=\u0026color=1DA1F2\u0026logoColor=white\u0026labelColor=\u0026style=for-the-badge\" height=\"27\" alt=\"twitter logo\"  /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://discord.gg/Neddn8gPqY\" target=\"_blank\"\u003e\n    \u003cimg src=\"https://img.shields.io/static/v1?message=Discord\u0026logo=discord\u0026label=\u0026color=7289DA\u0026logoColor=white\u0026labelColor=\u0026style=for-the-badge\" height=\"27\" alt=\"discord logo\"  /\u003e\n  \u003c/a\u003e\u003e\n\n  # 💰 You can help me by Donating\n  
[![BuyMeACoffee](https://img.shields.io/badge/Buy%20Me%20a%20Coffee-ffdd00?style=for-the-badge\u0026logo=buy-me-a-coffee\u0026logoColor=black)](https://buymeacoffee.com/awjunaid) \n  \nSecure PHP web apps with best practices: SQLi prevention, XSS protection, CSRF tokens, password hashing, and secure session management.\n\n\n# Contents\n\n- [Tools](#tools)\n  - [Web Framework Hardening](#web-framework-hardening)\n  - [Static Code Analysis](#static-code-analysis)\n  - [Vulnerabilities and Security Advisories](#vulnerabilities-and-security-advisories)\n- [Educational](#educational)\n  - [Hacking Playground](#hacking-playground)\n  - [Guides](#guides)\n- [Companies](#companies)\n\n# Tools\n\n## Web Framework Hardening\n\n- [Snuffleupagus](https://snuffleupagus.rtfd.io) - Security module for PHP7/8, the successor to [suhosin](http://suhosin.org/stories/index.html).\n- [Secure-Headers](https://github.com/BePsvPT/secure-headers) - Add security-related headers to HTTP responses.\n\n## Static Code Analysis\n\n- [Enlightn](https://www.laravel-enlightn.com/) - Enlightn is a static and dynamic analysis tool to improve the security of Laravel applications. 
\n- [Exakat](https://github.com/exakat/exakat) - *Exakat* is a PHP static code analysis, with serious [Security reviews](https://exakat.readthedocs.io/en/latest/Rulesets.html#security).\n- [phpcs-security-audit](https://github.com/FloeDesignTechnologies/phpcs-security-audit) - phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code.\n  - `docker pull guardrails/phpcs-security-audit`\n- [progpilot](https://github.com/designsecurity/progpilot) - A static analyzer for security purposes.\n- [Parse](https://github.com/psecio/parse) - The *Parse* scanner is a static scanning tool to review your PHP code for potential security-related issues.\n- [SonarPHP](https://github.com/SonarSource/sonar-php) from [SonarQube](https://github.com/SonarSource/sonarqube) - A static code analyser for PHP language used as an extension for the SonarQube platform (200+ rules, Supports up to PHP 8, Import of unit test and coverage results, Support of custom rules)\n- [Snyk Code](https://snyk.io/product/snyk-code/) PHP support (beta) and available in Snyk free tier \n\n## Vulnerabilities and Security Advisories\n\n- [security-checker](https://github.com/sensiolabs/security-checker) - PHP frontend for security.symfony.com.\n  - `docker pull guardrails/security-checker`\n- [Symfony Security Monitoring](https://security.symfony.com/) - PHP security vulnerabilities monitoring.\n- [roave/security-advisories](https://github.com/Roave/SecurityAdvisories) - Add this dependency to disallow known/vulnerable installation of packages directly through `composer update`\n- [Security Advisories](https://github.com/FriendsOfPHP/security-advisories) - A database of PHP security advisories.\n- [php-malware-detector](https://github.com/ollyxar/php-malware-detector) - PHP malware detector\n- [Snyk Open Source](https://snyk.io/product/open-source-security-management/) - Package manager scanner with a free tier \n\n# Educational\n\n## Hacking 
Playground\n\n- [DVWA](https://github.com/ethicalhack3r/DVWA) - Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable.\n- [Insecure PHP Example](https://github.com/rickogden/insecure-php-example) - This is an example application built using Silex for routing to provide examples of SQL Injection, plain text passwords and XSS.\n\n## Guides\n\n- [Official PHP Security Manual](http://php.net/manual/en/security.php)\n- [Survive The Deep End: PHP Security](https://phpsecurity.readthedocs.io/en/latest/)\n- [Security Tips for a PHP Application](https://dev.to/restoreddev/security-tips-for-a-php-application-4e9a)\n- [Awesome-AppSec: PHP-Section](https://github.com/paragonie/awesome-appsec#php)\n- [The 2018 Guide to Building Secure PHP Software](https://paragonie.com/blog/2017/12/2018-guide-building-secure-php-software)\n\n# Companies\n\n- [GuardRails](https://www.guardrails.io) - A GitHub App that gives you instant security feedback in your Pull Requests.\n- [RIPS](https://www.ripstech.com) - RIPS is the leading security analysis solution for PHP\n- [Snyk](https://snyk.io) - A developer-first solution that automates finding \u0026 fixing vulnerabilities in your dependencies.\n- [Sqreen](https://sqreen.io) - Automated security for your web apps - real time application security protection.\n- [Paragon Initiative Enterprises](https://paragonie.com) - PHP Security and Cryptography consultants, open source library publishers.\n\n\n## License\n\n[![CC0](https://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](http://creativecommons.org/publicdomain/zero/1.0/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faw-junaid%2Fphp-web-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faw-junaid%2Fphp-web-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faw-junaid%2Fphp-web-security/lists"}