{"id":13510528,"url":"https://github.com/security-checklist/php-security-check-list","last_synced_at":"2025-03-30T16:33:46.992Z","repository":{"id":201560897,"uuid":"154959680","full_name":"security-checklist/php-security-check-list","owner":"security-checklist","description":"PHP Security Check List [ EN ] 🌋 ☣️","archived":false,"fork":false,"pushed_at":"2020-01-13T04:34:07.000Z","size":26,"stargazers_count":296,"open_issues_count":0,"forks_count":58,"subscribers_count":16,"default_branch":"master","last_synced_at":"2024-08-02T02:16:37.871Z","etag":null,"topics":["bugbounty","checklist","php","php-framework","php-library","php-security","php-security-checker","security","security-audit","security-checklist","security-research","security-researcher","security-testing","web-application","web-application-framework","web-application-security","webapplication"],"latest_commit_sha":null,"homepage":"http://php.net","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/security-checklist.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null},"funding":{"github":"ismailtasdelen","patreon":"ismailtasdelen","open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":"ismailtasdelen","issuehunt":null,"otechie":null,"custom":null}},"created_at":"2018-10-27T11:59:19.000Z","updated_at":"2024-06-18T13:56:22.000Z","dependencies_parsed_at":null,"dependency_job_id":"fa49ec2d-28a3-45a5-807c-59cd8231e4b2","html_url":"https://github.com/security-checklist/php-security-check-list","commit_stats":null,"previous_names":["security-checklist/php-security-check-list"],"tags_count":0,"template":false
,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/security-checklist%2Fphp-security-check-list","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/security-checklist%2Fphp-security-check-list/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/security-checklist%2Fphp-security-check-list/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/security-checklist%2Fphp-security-check-list/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/security-checklist","download_url":"https://codeload.github.com/security-checklist/php-security-check-list/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":222566739,"owners_count":17004237,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","checklist","php","php-framework","php-library","php-security","php-security-checker","security","security-audit","security-checklist","security-research","security-researcher","security-testing","web-application","web-application-framework","web-application-security","webapplication"],"created_at":"2024-08-01T02:01:42.601Z","updated_at":"2024-11-01T11:30:27.419Z","avatar_url":"https://github.com/security-checklist.png","language":null,"funding_links":["https://github.com/sponsors/ismailtasdelen","https://patreon.com/ismailtasdelen","https://liberapay.com/ismailtasdelen"],"categories":["Others","\u003ca id=\"e97d183e67fa3f530e7d0e7e8c33ee62\"\u003e\u003c/a\u003e未分类","\u003ca 
id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集","bugbounty"],"sub_categories":["\u003ca id=\"f110da0bf67359d3abc62b27d717e55e\"\u003e\u003c/a\u003e新添加的"],"readme":"### PHP Security Check List [ EN ]\n\n\u003cimg src=\"https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg\"\u003e \u003cimg src=\"https://img.shields.io/github/stars/security-checklist/php-security-check-list?style=social\"\u003e \u003cimg src=\"https://img.shields.io/github/forks/security-checklist/php-security-check-list?style=social\"\u003e \u003cimg src=\"https://img.shields.io/github/repo-size/security-checklist/php-security-check-list\"\u003e \u003cimg src=\"https://img.shields.io/github/license/anti-ddos/Anti-DDOS\"\u003e \u003cimg src=\"https://img.shields.io/github/issues/detail/author/security-checklist/php-security-check-list/2\"\u003e\n\n![PHP-Security-Check-List](/image/php-image.png)\n\nPHP: Hypertext Preprocessor is a web-based, server-side, multi-use, general-purpose scripting and programming language that can be embedded in HTML. PHP, which was first created by Rasmus Lerdorf in 1995, is now developed by the PHP community.\n\nThe PHP programming language is still used by a large number of developers. It is the best-known backend programming language. 
In PHP web applications, I prepared a list called \"php security check list\" which security researchers should know.\n\n* [Full Path Disclosure](https://www.owasp.org/index.php/Full_Path_Disclosure)\n* [Arbitrary File Upload](https://www.owasp.org/index.php/Unrestricted_File_Upload)\n* [Arbitrary File Delete](https://www.acunetix.com/vulnerabilities/web/arbitrary-file-deletion/)\n* [Arbitrary File Download](https://resources.infosecinstitute.com/arbitrary-file-download-breaking-into-the-system/#gref)\n* [Local File Inclusion](https://www.offensive-security.com/metasploit-unleashed/file-inclusion-vulnerabilities/)\n* [Remote File Inclusion](https://www.owasp.org/index.php/Testing_for_Remote_File_Inclusion)\n* [Cookie Injection](https://www.owasp.org/index.php/Testing_for_cookies_attributes_(OTG-SESS-002))\n* [Session hijacking](https://www.owasp.org/index.php/Session_hijacking_attack)\n* [Header Injection](https://www.owasp.org/index.php/Testing_for_HTTP_Parameter_pollution_(OTG-INPVAL-004))\n* [SQL Injection](https://www.owasp.org/index.php/SQL_Injection)\n* [XML Injection](https://www.owasp.org/index.php/Testing_for_XML_Injection_(OTG-INPVAL-008))\n* [XXE Injection](https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing)\n* [Email Injection](https://www.owasp.org/index.php/Testing_for_IMAP/SMTP_Injection_(OTG-INPVAL-011))\n* [HTML Injection](https://www.owasp.org/index.php/Testing_for_HTML_Injection_(OTG-CLIENT-003))\n* [xPath Injection](https://www.owasp.org/index.php/XPATH_Injection)\n* [Code Injection](https://www.owasp.org/index.php/Code_Injection)\n* [Command Injection](https://www.owasp.org/index.php/Command_Injection)\n* [Object Injection](https://www.owasp.org/index.php/PHP_Object_Injection)\n* [Cross Site Scripting](https://www.owasp.org/index.php/Cross-site_Scripting_(XSS))\n* [Cross Site Request Forgery](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF))\n* [Broken Authentication and Session 
Management](https://www.owasp.org/index.php/Broken_Authentication_and_Session_Management)\n* [Session Hijacking Attack](https://www.owasp.org/index.php/Session_hijacking_attack)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecurity-checklist%2Fphp-security-check-list","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsecurity-checklist%2Fphp-security-check-list","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecurity-checklist%2Fphp-security-check-list/lists"}