We're at OWASP AppSecUSA 2013!

Our presentations: framework structure image

PHPSEC

OWASP PHP Security Project is an effort by a group of PHP developers in securing PHP web applications, using a collection of decoupled flexible secure PHP libraries, as well as a collection of PHP tools.

What is PHPSEC?

On top of a collcetion of libraries and tools, PHPSEC contains a sample framework to demonstrate proper usage of the tools and libraries, as well as guidelining new PHP projects. It can also be easily merged with existing PHP code, because it is both decoupled and flexible. Proper usage of PHPSEC will result in the target system being much more secure.

A group of open source volunteers work in OWASP PHPSEC, if you want to join the team, contact us via the project page on OWASP.

Why PHPSEC?

PHPSEC is suitable for three group of developers:

  1. Framework Developers can use the libraries and tools to strengthen their framework security
  2. PHP Application Developers can use the library and tools to enhance their application security
  3. New PHP Developers can use the tools and libraries to create secure applications from scratch

Libraries Offered

  • Basic Password Library
  • Advance Password Library
  • User Library and Management
  • Crypto Library
  • Password Library
  • Database Library
  • Download Manager Library
  • HTTP Library
  • Tainted Library
  • Logs Library
  • Session Library
  • Core Library
  • Scanner Tool
For details about each library please Continue to Documentation

Tools Offered

  • XSS Resolver
  • SQL Injection Detector
  • Taint Tracker

Damages Mitigated

  • Brute Force Attacks
  • Cross-site Scripting(XSS) Attacks
  • SQL Injection Attacks
  • Session Fixation, Session Hijacking, Session Guessing
  • Encrypting sensitive information in configuration files
  • Replacement of native PHP's faulty functions
  • A secure PRNG (Pseudorandom number generator)
  • Secure implementation of "remember-me" and "temporary password" features
  • Capability to mark/disallow suspicious strings
and many more...