Difference between revisions of "OWASP PHP Security Project"

(Temporary owasp wiki)
(13 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
= Main =
 
= Main =
 +
[[File:Small-phpsec.png]]
 +
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 +
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
 +
 +
==OWASP PHP Security Project==
 
OWASP PHP Security Project is an effort by a group of PHP developers in securing PHP web applications, using a collection of decoupled flexible secure PHP libraries, as well as a collection of PHP tools.
 
OWASP PHP Security Project is an effort by a group of PHP developers in securing PHP web applications, using a collection of decoupled flexible secure PHP libraries, as well as a collection of PHP tools.
  
 
[https://github.com/owasp/phpsec/ GitHub Repo]
 
[https://github.com/owasp/phpsec/ GitHub Repo]
  
=What is PHPSEC?=
+
==What is PHPSEC?==
 
On top of a collcetion of libraries and tools, PHPSEC contains a sample framework to demonstrate proper usage of the tools and libraries, as well as guidelining new PHP projects. It can also be easily merged with existing PHP code, because it is both decoupled and flexible. Proper usage of PHPSEC will result in the target system being much more secure.
 
On top of a collcetion of libraries and tools, PHPSEC contains a sample framework to demonstrate proper usage of the tools and libraries, as well as guidelining new PHP projects. It can also be easily merged with existing PHP code, because it is both decoupled and flexible. Proper usage of PHPSEC will result in the target system being much more secure.
  
=Why PHPSEC?=
+
==Why PHPSEC?==
 
PHPSEC is suitable for three group of developers:
 
PHPSEC is suitable for three group of developers:
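Review bot: On the added table opener `{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-`, the row separator `|-` shares a line with `{|`, and MediaWiki reads the rest of a `{|` line as table attributes, so it is not parsed as a row break. Move `|-` to its own line, as the nested Classifications table later in this revision does.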
  
Line 14: Line 19:
 
* New PHP Developers can use the tools and libraries to create secure applications from scratch
 
* New PHP Developers can use the tools and libraries to create secure applications from scratch
  
=Features=
+
==Project leader==
 +
 
 +
[https://www.owasp.org/index.php/User:Abbas_Naderi Abbas Naderi]
 +
 
 +
| valign="top"  style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |
 +
 
 +
==Major Contributors==
 +
*Rahul Chaudhary
 +
*Abhishek Das
 +
*Shivam Dixit
 +
*Achim
 +
*Zakia Ahmad
 +
*AV Minhaz
 +
*Paulo Guerreiro
  
 
==Libraries Offered==
 
==Libraries Offered==
Line 36: Line 54:
 
* Taint Tracker
 
* Taint Tracker
  
=Damages Mitigated=
+
==Damages Mitigated==
 
* Brute Force Attacks
 
* Brute Force Attacks
 
* Cross-site Scripting(XSS) Attacks
 
* Cross-site Scripting(XSS) Attacks
Line 46: Line 64:
 
* Secure implementation of "remember-me" and "temporary password" features
 
* Secure implementation of "remember-me" and "temporary password" features
 
* Capability to mark/disallow suspicious strings
 
* Capability to mark/disallow suspicious strings
 +
 +
| valign="top"  style="padding-left:25px;width:200px;" |
 +
 +
== Quick Download ==
 +
 +
* [http://github.com/OWASP/phpsec/archive/master.zip OWASP PHPSec project]
 +
 +
 +
== Website ==
 +
 +
http://phpsec.owasp.org/
 +
 +
== News and Events ==
 +
[http://appsecusa2013.sched.org/event/4a0421d19aad48a7fbe35ec97899936c#.UoI2Jfmfhv8 Visit us at OWASP APPSEC conference November 2013]
 +
==Classifications==
 +
  {| width="200" cellpadding="2"
 +
  |-
 +
  | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=:Category:OWASP_Project#tab=Terminology]]
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] 
 +
  |-
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 +
  |}
 +
 +
|}
 +
  
 
= Project About =
 
= Project About =
 
{{:Projects/OWASP_PHP_Security_Project}}  
 
{{:Projects/OWASP_PHP_Security_Project}}  
  
[[Category:OWASP Project]]
+
 
 +
__NOTOC__ <headertabs />
 +
 
 +
[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]] [[Category:OWASP_Download]]
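Review bot: The Quick Download entry added in this hunk links the archive as `http://github.com/OWASP/phpsec/archive/master.zip`, while the GitHub Repo link on the same page already uses `https://github.com/owasp/phpsec/`. For a security library the download link should use https as well, so the first request for the zip is not made in cleartext. The News and Events link also carries a `#.UoI2Jfmfhv8` fragment that looks like share-widget residue and can be dropped.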

Revision as of 13:16, 12 November 2013


OWASP PHP Security Project

OWASP PHP Security Project is an effort by a group of PHP developers to secure PHP web applications, using a collection of decoupled, flexible, secure PHP libraries as well as a collection of PHP tools.

GitHub Repo

What is PHPSEC?

On top of a collection of libraries and tools, PHPSEC contains a sample framework that demonstrates proper usage of the tools and libraries and serves as a guideline for new PHP projects. It can also be easily merged with existing PHP code, because it is both decoupled and flexible. Proper usage of PHPSEC will result in the target system being much more secure.

Why PHPSEC?

PHPSEC is suitable for three groups of developers:

  • Framework Developers can use the libraries and tools to strengthen their framework security
  • PHP Application Developers can use the library and tools to enhance their application security
  • New PHP Developers can use the tools and libraries to create secure applications from scratch

Project leader

Abbas Naderi

Major Contributors

  • Rahul Chaudhary
  • Abhishek Das
  • Shivam Dixit
  • Achim
  • Zakia Ahmad
  • AV Minhaz
  • Paulo Guerreiro

Libraries Offered

  • Basic Password Library
  • Advance Password Library
  • User Library and Management
  • Crypto Library
  • Password Library
  • Database Library
  • Download Manager Library
  • HTTP Library
  • Tainted Library
  • Logs Library
  • Session Library
  • Core Library
  • Scanner Tool

Tools Offered

  • XSS Resolver
  • SQL Injection Detector
  • Taint Tracker

Damages Mitigated

  • Brute Force Attacks
  • Cross-site Scripting (XSS) Attacks
  • SQL Injection Attacks
  • Session Fixation, Session Hijacking, Session Guessing
  • Encrypting sensitive information in configuration files
  • Replacement of native PHP's faulty functions
  • A secure PRNG (Pseudorandom number generator)
  • Secure implementation of "remember-me" and "temporary password" features
  • Capability to mark/disallow suspicious strings

Quick Download


Website

http://phpsec.owasp.org/

News and Events

Visit us at OWASP APPSEC conference November 2013

Classifications

Incubator project; Builders; Defenders; licensed under Creative Commons BY-SA 3.0


PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP PHP Security Project (home page)
Purpose: OWASP PHP Security project plans to gather secure PHP libraries and provide a full-featured framework of libraries for secure web applications in PHP, both as separate decoupled libraries and as a whole secure web application framework. Many aspects of this project are already handled, and are being added to OWASP.
License: Creative Commons Attribution ShareAlike 3.0 License (best for documentation projects)
who is working on this project?
Project Leader(s):
  • Abbas Naderi @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Abbas Naderi @ to contribute to this project
  • Contact Abbas Naderi @ to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases