InfluxDB is the Time Series Platform where developers build real-time applications for analytics, IoT and cloud-native services. Easy to start, it is available in the cloud or on-premises. Learn more →
Top 23 PHP Security Projects
-
Matomo
Liberating Web Analytics. Star us on Github? +1. Matomo is the leading open alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. We love Pull Requests!
Project mention: What is the proper way to see how many monthly active users you have? | reddit.com/r/django | 2023-01-27http://matomo.org/ is open source and GDPR compliant
-
labs
This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.
-
Cloudways
Managed Cloud Hosting Platform. Cloudways leverages advanced technology and powerful servers. Cloudways is a one-click managed cloud hosting platform that provides cloud application and server management solutions. Get up to 2 months of Free Hosting by using code "LIBHUNT" and get a $30 free hosting credit.
-
-
You could spin up a version of dvwa and scan that. https://github.com/digininja/DVWA
-
Project mention: Aside from OWASP, are there other relevant certs to get for App Sec? | reddit.com/r/cybersecurity | 2022-08-23
For resources : https://github.com/paragonie/awesome-appsec
-
PHP libraries that provide support for asymmetric encryption OpenSSL: https://www.php.net/manual/en/book.openssl.php phpseclib: https://github.com/phpseclib/phpseclib Sodium: https://www.php.net/manual/en/book.sodium.php
-
PrivateBin
A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.
Project mention: Pastenym.ch - A privacy focused pastebin service w/ IPFS support | reddit.com/r/privacy | 2023-01-23How is it different from PrivateBin?
-
InfluxDB
Build time-series-based applications quickly and at scale.. InfluxDB is the Time Series Platform where developers build real-time applications for analytics, IoT and cloud-native services. Easy to start, it is available in the cloud or on-premises.
-
Yes but … the frontend/ui is still trying to check the health of each process by checking in /proc/{PID} like in previous and shows that the process maybe start but it couldn’t check if it’s alive or not. An issue was created and we’re waiting for the patch to be integrated in a future version.
-
Project mention: Where can I get hands on practice for cybersecurity as a beginner over internet for free? | reddit.com/r/cybersecurity | 2023-01-25
-
Phab supports now encryption and decryption of files and strings. It uses defuse/php-encryption, a widely used library for encryption under the hood. You can encrypt files in a script with
-
Project mention: New Deployment Option for Self-Hosting Bitwarden | reddit.com/r/selfhosted | 2022-12-08
I don't have anything to do with this particular app - but came across this the other day. Its specifically built for managing credentials across an org. https://www.passbolt.com/
-
Project mention: Best way to only allow a user to view their own models? | reddit.com/r/laravel | 2022-10-12
Bouncer on the other hand supports scoped permission assignments where the assigned permission applies to a specific model only.
-
For HTML specifically, HTMLPurifier is pretty well known.
-
PHPGGC
PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.
Project mention: An Unsafe Deserialization Vulnerability and Types of Deserialization | dev.to | 2022-12-10PHPGCC
-
We use snyk, but I have found symfonys security checker to be the quickest to catch vulns: https://github.com/fabpot/local-php-security-checker
-
-
Github: https://github.com/cartalyst/sentinel Documentation: https://cartalyst.com/manual/sentinel/6.x
-
Project mention: What am I missing? GrapesJS + Cloudflare = Static website for the cost of a domain? Seems too good to be true. | reddit.com/r/webdev | 2022-11-12
Also, for a bit more complex although richer in features workflow, you might try Wordpress with the Block Editor (or any page builder like Elementor) and the [WP2Static](https://github.com/WP2Static/wp2static) plugin, which allows you to turn a Wordpress site into a static one!
-
-
Sounds like https://github.com/paragonie/halite. What does this do better?
-
After several projects where I crafted slightly login systems for each.. and then realised that I needed to maintain them in future. I've started using delight-im/PHP-Auth it's pretty sweet with good documentation.
-
mutillidae
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.
-
Latte
☕ Latte: the safest & truly intuitive templates for PHP. Engine for those who want the most secure PHP sites.
Project mention: Recommended using template engine in non framework projects? | reddit.com/r/PHP | 2023-01-14 -
SonarLint
Clean code begins in your IDE with SonarLint. Up your coding game and discover issues early. SonarLint is a free plugin that helps you find & fix bugs and security issues from the moment you start writing code. Install from your favorite IDE marketplace today.
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
The latest post mention was on 2023-01-27.
PHP Security related posts
- Best combination of free/open-source software packages to create a home network filter phone app?
- crypto: NEW Data - star count:377.0
- crypto: NEW Data - star count:377.0
- crypto: NEW Data - star count:377.0
- crypto: NEW Data - star count:377.0
- crypto: NEW Data - star count:377.0
- crypto: NEW Data - star count:377.0
-
A note from our sponsor - InfluxDB
www.influxdata.com | 28 Jan 2023
Index
What are some of the best open-source Security projects in PHP? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | Matomo | 17,249 |
| 2 | labs | 11,097 |
| 3 | random_compat | 8,047 |
| 4 | DVWA | 7,104 |
| 5 | awesome-appsec | 5,418 |
| 6 | PHPSecLib | 4,954 |
| 7 | PrivateBin | 4,671 |
| 8 | MISP | 4,184 |
| 9 | pfSense | 4,011 |
| 10 | PHP Encryption | 3,569 |
| 11 | Passbolt | 3,492 |
| 12 | bouncer | 3,189 |
| 13 | HTML Purifier | 2,680 |
| 14 | PHPGGC | 2,523 |
| 15 | SensioLabs Security Check | 1,907 |
| 16 | IniScan | 1,468 |
| 17 | Sentinel | 1,426 |
| 18 | wp2static | 1,268 |
| 19 | Optimus | 1,219 |
| 20 | Halite | 1,070 |
| 21 | PHP-Auth | 943 |
| 22 | mutillidae | 935 |
| 23 | Latte | 910 |
Clean code begins in your IDE with SonarLint
Up your coding game and discover issues early. SonarLint is a free plugin that helps you find & fix bugs and security issues from the moment you start writing code. Install from your favorite IDE marketplace today.
www.sonarlint.org