PHP is still a very popular and widely used language. There are a lot of great security tools and resources available for PHP, but they are scattered all over the place.
For this reason, I've compiled a curated list of awesome-php-security resources here:
A curated list of awesome PHP Security related resources.
List inspired by the awesome list thing.
Supported by: GuardRails.io
Web Framework Hardening
- Snuffleupagus - Security module for PHP7/8, the successor to suhosin.
- Secure-Headers - Adds security-related headers to HTTP responses.
Static Code Analysis
- Enlightn - Enlightn is a static and dynamic analysis tool to improve the security of Laravel applications.
- Exakat - Exakat is a PHP static code analysis tool, with serious security reviews.
- phpcs-security-audit - phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code.
  docker pull guardrails/phpcs-security-audit
- progpilot - A static analyzer for security purposes.
- Parse - The Parse scanner is a static scanning tool to review your PHP code for potential security-related issues.
- SonarPHP from SonarQube - A…
Did I miss anything? Let me know in the comments.
And, please leave a like (or ⭐ the repo) if you find it useful.