OWASP PHP Security Project

'''ABANDONED: OWASP PHP Security Project You can still find the old source tree, but please be careful. There are many known issues.

The OWASP PHP Security Project was an effort by a group of PHP developers to help secure PHP web applications. The aim was to provide a collection of decoupled, flexible, secure PHP libraries, as well as a collection of PHP tools.

Unfortunately, due to a number of circumstances, the project did not manage to meet these objectives.

Because the code base that was under development was full of serious security issues, the decision was made to delete the code from this repository. The hope is that this will prevent developers from using the code or attempting to learn from it.

If you really do need to retrieve any of the code that once lived here, or if you wish to make an attempt at resurrecting the project, you can use the source tree before the project was abandoned.'''

Links

Legacy code location: https://github.com/OWASP/phpsec/tree/1999edc10a3b755ff2b17bb78376bd53dd40d192 Official Website: phpsec.owasp.org Official Wiki page: owasp.org/phpsec



= Main =

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

INACTIVE OWASP PHP Security Project

OWASP PHP Security Project is an effort by a group of PHP developers in securing PHP web applications, using a collection of decoupled flexible secure PHP libraries, as well as a collection of PHP tools.

READ ME: phpsec/README.md GitHub Repo

What is PHPSEC?
On top of a collection of libraries and tools, PHPSEC contains a sample framework to demonstrate proper usage of the tools and libraries, as well as guidelining new PHP projects. It can also be easily merged with existing PHP code, because it is both decoupled and flexible. Proper usage of PHPSEC will result in the target system being much more secure.

Why PHPSEC?
PHPSEC is suitable for three group of developers:


 * Framework Developers can use the libraries and tools to strengthen their framework security
 * PHP Application Developers can use the library and tools to enhance their application security
 * New PHP Developers can use the tools and libraries to create secure applications from scratch

Project leader
Abbas Naderi


 * valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |

Major Contributors

 * Rahul Chaudhary
 * Abhishek Das
 * Shivam Dixit
 * Achim Hoffmann
 * Zaki Akhmad
 * Minhaz
 * Paulo Guerreiro

Libraries Offered

 * Basic Password Library
 * Advance Password Library
 * User Library and Management
 * Crypto Library
 * Password Library
 * Database Library
 * Download Manager Library
 * HTTP Library
 * Tainted Library
 * Logs Library
 * Session Library
 * Core Library
 * Scanner Tool

Tools Offered

 * XSS Resolver
 * SQL Injection Detector
 * Taint Tracker

Damages Mitigated

 * Brute Force Attacks
 * Cross-site Scripting(XSS) Attacks
 * SQL Injection Attacks
 * Session Fixation, Session Hijacking, Session Guessing
 * Encrypting sensitive information in configuration files
 * Replacement of native PHP's faulty functions
 * A secure PRNG (Pseudorandom number generator)
 * Secure implementation of "remember-me" and "temporary password" features
 * Capability to mark/disallow suspicious strings


 * valign="top" style="padding-left:25px;width:200px;" |

Quick Download

 * OWASP PHPSec project

Website
http://phpsec.owasp.org/

News and Events
Visit us at OWASP APPSEC conference November 2013

Classifications

 * }

= Project About =