PHP Security

Open-source PHP projects categorized as Security

Top 23 PHP Security Projects

  • GitHub repo labs

    This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.

    Project mention: How to “dockerize” existing web apps (“php + mySQL” app, and “node.js + express + mongodb” app) | reddit.com/r/docker | 2021-03-11

    You can find some intro and tutorials to catch up on docker https://github.com/docker/labs

  • GitHub repo random_compat

    PHP 5.x support for random_bytes() and random_int()

  • GitHub repo DVWA

    Damn Vulnerable Web Application (DVWA)

    Project mention: Getting into cybersecurity | reddit.com/r/cscareerquestions | 2021-04-08

    Hands-on security: Juice Shop and Damn Vulnerable Web App are good choices, along with Capture the Flag competitions

  • GitHub repo awesome-appsec

    A curated list of resources for learning about application security

  • GitHub repo PHPSecLib

    PHP Secure Communications Library

  • GitHub repo PHP Encryption

    Simple Encryption in PHP.

    Project mention: How I Documented, Encrypted, and Tested My First REST API | dev.to | 2021-02-17

    I encrypted my data using defuse/php-encryption. This library, claiming to be secure, unlike other libraries, did the encryption and decryption for me. To encrypt and decrypt, I needed my own key, which I generated by running

  • GitHub repo pfSense

    Main repository for pfSense

    Project mention: The global shortage will also affect routers, it's the snowball effect | reddit.com/r/france | 2021-04-12

  • GitHub repo bouncer

    Eloquent roles and abilities.

    Project mention: Multi-tenancy/user roles - tutorial suggestions | reddit.com/r/laravel | 2021-02-15

    I only have experience with Bouncer but it has worked well for me. As a basic hypothetical scenario, you can create different roles and abilities such as:

  • GitHub repo Passbolt

    Passbolt CE Backend, a JSON API written with Cakephp

    Project mention: What’s the best way to share login details with a family member? | reddit.com/r/privacy | 2021-04-10

  • GitHub repo HTML Purifier

    Standards compliant HTML filter written in PHP

    Project mention: Can build in Markdown library limit the use of certain tags? | reddit.com/r/laravel | 2021-02-19

    Have you looked at HTML Purifier?

  • GitHub repo SensioLabs Security Check

    A database of PHP security advisories

  • GitHub repo PHPGGC

    PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

  • GitHub repo IniScan

    A php.ini scanner for best security practices

  • GitHub repo Sentinel

    A framework agnostic authentication & authorization system. (by cartalyst)

  • GitHub repo Optimus

    🤖 Id obfuscation based on Knuth's multiplicative hashing method for PHP.

    Project mention: API: external UUID to internal ID in validation or controller or ? | reddit.com/r/laravel | 2021-02-19

    To obfuscate id there are several solutions, other than the already mentioned hashids you can try this one https://github.com/jenssegers/optimus

  • GitHub repo wp2static

    WordPress static site generator for security, performance and cost benefits

    Project mention: Creating a minimalist blog with Jekyll Now | news.ycombinator.com | 2021-04-11

    This is my exact feeling. I have a Hugo-powered blog, but like you said, I miss the ability to draft something quickly when I'm inspired. Right now, the best option I have found is self-hosting Ghost with some aggressive Cloudflare caching.

    I considered using wp2static[0] before starting with Ghost. Have you published your exporter?

    [0] https://github.com/leonstafford/wp2static

  • GitHub repo Halite

    High-level cryptography interface powered by libsodium

  • GitHub repo RandomLib

    A library for generating random numbers and strings

  • GitHub repo PHP-Auth

    Authentication for PHP. Simple, lightweight and secure.

    Project mention: Authentication System | reddit.com/r/PHPhelp | 2020-12-23

    There are a bunch out there but have a look at this one for instance: https://github.com/delight-im/PHP-Auth

  • GitHub repo TwoFactorAuth

    PHP library for Two Factor Authentication (TFA / 2FA) (by RobThree)

  • GitHub repo PHP IDS

    PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application

  • GitHub repo Latte

    ☕ Latte: the intuitive and fast template engine for those who want the most secure PHP sites.

  • GitHub repo AntiXSS

    ㊙️ AntiXSS | Protection against Cross-site scripting (XSS) via PHP

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2021-04-12.

Index

What are some of the best open-source Security projects in PHP? This list will help you:

Rank  Project                    Stars
1     labs                       9,770
2     random_compat              7,798
3     DVWA                       5,085
4     awesome-appsec             4,494
5     PHPSecLib                  4,317
6     PHP Encryption             3,256
7     pfSense                    3,069
8     bouncer                    2,646
9     Passbolt                   2,457
10    HTML Purifier              2,144
11    SensioLabs Security Check  1,628
12    PHPGGC                     1,562
13    IniScan                    1,459
14    Sentinel                   1,357
15    Optimus                    1,089
16    wp2static                  970
17    Halite                     941
18    RandomLib                  814
19    PHP-Auth                   730
20    TwoFactorAuth              729
21    PHP IDS                    711
22    Latte                      631
23    AntiXSS                    410