Top PHP Frameworks & Libraries for security

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types incl...

This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome....

Damn Vulnerable Web Application (DVWA)

A curated list of resources for learning about application security

MISP (core software) - Open Source Threat Intelligence and Sharing Platform (formely known as Malware Information Sharing Platform)...

A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES....

Platform-Agnostic Security Tokens

Eloquent roles and abilities.

Passbolt CE Backend, a JSON API written with Cakephp

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Designed with security in mind, Pterodactyl runs all game servers in is...

PHP frontend for security.symfony.com

The security system is one of the most powerful parts of Symfony and can largely be controlled via its configuration....

Captcha for Laravel 5/6/7/8

A database of PHP security advisories

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security....

A php.ini scanner for best security practices

A framework agnostic authentication & authorization system.

The Security component provides a complete security system for your web application.

Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so call...

The Security CSRF (cross-site request forgery) component provides a class CsrfTokenManager for generating and validating CSRF tokens....

The Guard component brings many layers of authentication together, making it much easier to create complex authentication systems where you have total control....

Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so call...

A flexible, driver based Acl package for PHP 5.4+

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of email...

WordPress static site generator for security, performance and cost benefits

An authorization library that supports access control models like ACL, RBAC, ABAC in PHP .

PHP Secure Configuration Checker

Pure PHP polyfill for ext/sodium

PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application...

PHP library for Two Factor Authentication (TFA / 2FA)

Authentication for PHP. Simple, lightweight and secure.

Security, performance, marketing, and design tools — Jetpack is made by the WordPress experts to make WP sites safer and faster, and help you grow your traffic....

Liberating Web Analytics. Star us on Github? +1. Matomo is the leading open alternative to Google Analytics that gives you full control over your data. Matomo lets...