Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/security-checklist/php-security-check-list
PHP Security Check List [ EN ] 🌋 ☣️
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/security-checklist/php-security-check-list
- Owner: security-checklist
- License: mit
- Created: 2018-10-27T11:59:19.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2020-01-13T04:34:07.000Z (almost 5 years ago)
- Last Synced: 2024-08-02T02:16:37.871Z (4 months ago)
- Topics: bugbounty, checklist, php, php-framework, php-library, php-security, php-security-checker, security, security-audit, security-checklist, security-research, security-researcher, security-testing, web-application, web-application-framework, web-application-security, webapplication
- Homepage: http://php.net
- Size: 25.4 KB
- Stars: 296
- Watchers: 16
- Forks: 58
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
- awesome-security-collection - **221** stars
README
### PHP Security Check List [ EN ]
![PHP-Security-Check-List](/image/php-image.png)
PHP: Hypertext Preprocessor is a web-based, server-side, multi-use, general-purpose scripting and programming language that can be embedded in HTML. PHP, first created by Rasmus Lerdorf in 1995, is now developed by the PHP community.
The PHP programming language is still used by a large number of developers. It is the best-known backend programming language. For PHP web applications, I prepared a list called "php security check list" of the issues that security researchers should know.
* [Full Path Disclosure](https://www.owasp.org/index.php/Full_Path_Disclosure)
* [Arbitrary File Upload](https://www.owasp.org/index.php/Unrestricted_File_Upload)
* [Arbitrary File Delete](https://www.acunetix.com/vulnerabilities/web/arbitrary-file-deletion/)
* [Arbitrary File Download](https://resources.infosecinstitute.com/arbitrary-file-download-breaking-into-the-system/#gref)
* [Local File Inclusion](https://www.offensive-security.com/metasploit-unleashed/file-inclusion-vulnerabilities/)
* [Remote File Inclusion](https://www.owasp.org/index.php/Testing_for_Remote_File_Inclusion)
* [Cookie Injection](https://www.owasp.org/index.php/Testing_for_cookies_attributes_(OTG-SESS-002))
* [Session hijacking](https://www.owasp.org/index.php/Session_hijacking_attack)
* [Header Injection](https://www.owasp.org/index.php/Testing_for_HTTP_Parameter_pollution_(OTG-INPVAL-004))
* [SQL Injection](https://www.owasp.org/index.php/SQL_Injection)
* [XML Injection](https://www.owasp.org/index.php/Testing_for_XML_Injection_(OTG-INPVAL-008))
* [XXE Injection](https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing)
* [Email Injection](https://www.owasp.org/index.php/Testing_for_IMAP/SMTP_Injection_(OTG-INPVAL-011))
* [HTML Injection](https://www.owasp.org/index.php/Testing_for_HTML_Injection_(OTG-CLIENT-003))
* [xPath Injection](https://www.owasp.org/index.php/XPATH_Injection)
* [Code Injection](https://www.owasp.org/index.php/Code_Injection)
* [Command Injection](https://www.owasp.org/index.php/Command_Injection)
* [Object Injection](https://www.owasp.org/index.php/PHP_Object_Injection)
* [Cross Site Scripting](https://www.owasp.org/index.php/Cross-site_Scripting_(XSS))
* [Cross Site Request Forgery](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF))
* [Broken Authentication and Session Management](https://www.owasp.org/index.php/Broken_Authentication_and_Session_Management)
* [Session Hijacking Attack](https://www.owasp.org/index.php/Session_hijacking_attack)