Suhosin - Protection System for PHP Installations


Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. It comes in two independent parts that can be used separately or in combination. The first part is a small patch against the PHP core that implements a few low-level protections against buffer overflows or format string vulnerabilities, and the second part is a powerful PHP extension that implements all the other protections. PHP is a very complex programming language with a lot of pitfalls that are often overlooked during the development of applications. Even PHP core programmers write insecure code from time to time because they did not know about a PHP pitfall. Therefore it is always a good idea to have Suhosin as your safety net.

http://www.hardened-php.net/suhosin/





Related Projects

qark - Tool to look for several security related Android application vulnerabilities


Quick Android Review Kit - This tool is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs.

Cryptlib - provides Encryption and Authentication Service


cryptlib is a powerful security toolkit that allows even inexperienced crypto programmers to easily add encryption and authentication services to their software. It provides support for S/MIME and PGP/OpenPGP secure enveloping, SSL/TLS and SSH secure sessions, CA services such as CMP, SCEP, RTCS, and OCSP, and other security operations such as secure timestamping.

w3af - Web Application Attack and Audit Framework


w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. It can find cross-site scripting, SQL injection and a lot more. The framework implements web and proxy servers which are easy to integrate into your code in order to identify and exploit vulnerabilities.

pfSense - Firewall and Routing platform


pfSense is a powerful, flexible firewalling and routing platform. It includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. pfSense is a stateful firewall; by default, all rules are stateful. A Dynamic DNS client is included to allow you to register your public IP with a number of dynamic DNS service providers.

Acra - Database protection suite with selective encryption and intrusion detection


Acra helps you to easily secure your databases in distributed, microservice-rich environments. It allows you to selectively encrypt sensitive records with strong multi-layer cryptography, detect potential intrusions and SQL injections, and cryptographically compartment data stored in large sharded schemes. Its security model guarantees that compromising the database or your application does not leak sensitive data, or keys to decrypt it.



Admin Secure


Admin Secure is an add-on script for the PHP-Nuke web portal system. This add-on gives you additional protection schemes from common hacking activities. Admin Secure is an alternate protection for your PHP-Nuke based website.

Geeklog - The Secure CMS


Geeklog manages dynamic web content. "Out of the box", it is a blog engine, or a CMS with support for comments, trackbacks, multiple syndication formats, spam protection, and all the other vital features of such a system. Geeklog was originally developed for the Security Geeks web site.

OWASP Joomla Vulnerability Scanner Project


Detects file inclusion, SQL injection, and command execution vulnerabilities of a target Joomla! web site. A regularly updated signature-based scanner that can detect file inclusion, SQL injection, command execution, XSS, DoS, and directory traversal vulnerabilities of a target Joomla! web site. It searches for known vulnerabilities of Joomla! and its components, and offers web application firewall detection and a lot more.

klar - Integration of Clair and Docker Registry


Klar is a simple tool to analyze images stored in a private or public Docker registry for security vulnerabilities using Clair https://github.com/coreos/clair. Klar is designed to be used as an integration tool, so it relies on environment variables. It's a single binary which requires no dependencies. The Klar process returns 0 if the number of detected high severity vulnerabilities in an image is less than or equal to the threshold (see below); otherwise it returns 1.

click-security-manager - Security manager (with GUI) for dynamic protection of URLs and paths.


Security manager (with GUI) for dynamic protection of URLs and paths.

The ButterFly - Security Project


The ButterFly project is an educational environment intended to give an insight into common web application and PHP vulnerabilities. The environment also includes examples demonstrating how such vulnerabilities are mitigated.

SIFA


SIFA (Secure Information Flow Analyser) uses a graph-based approach to reason about the possible vulnerabilities of a system from an information security perspective, supporting multiple views over the system. SIFA is an experimental prototype.

Themis - Crypto library for storage and messaging for ObjC, Android, C++, JS, Python, Ruby and PHP


Themis is an open-source high-level cryptographic services library for mobile and server platforms, providing secure messaging and secure data storage. Themis provides three important cryptographic services: Secure messaging, Secure session and Secure storage.

Ani-Shell


Ani-Shell is a PHP remote shell, basically used for remote access and security pen testing. Ani-Shell provides a robust and basic interface to access the file system, do some networking tweaks and even test your server for some common security vulnerabilities. The developer has tried to follow a coding standard which makes the code a little cleaner and easier to understand. Note: How you use this shell is exactly on you, and author pays no responsibility for what you use it for and what ma

sourceradar - Cross-language code security scanner that helps you keep vulnerabilities on your radar


Cross-language code security scanner that helps you keep vulnerabilities on your radar

hackme - Demonstrates many common security vulnerabilities


Demonstrates many common security vulnerabilities

Stack - Stack of PHP/Suhosin/APC/Nginx/PostgreSQL


Stack of PHP/Suhosin/APC/Nginx/PostgreSQL

VladGh.com-LEMP - Latest NginX, MySQL, PHP (with APC and Suhosin)


Latest NginX, MySQL, PHP (with APC and Suhosin)

IIS Secure Parameter Filter (SPF)


SPF is an application security module for Microsoft IIS web servers. SPF provides instant out-of-the-box protection against Parameter Tampering, Cross-Site Scripting (XSS), URL Manipulation, Cross-Site Request Forgery (CSRF), and Session Hijacking/Replay attacks.