Tools

Web Framework Hardening

Enlightn - Enlightn is a static and dynamic analysis tool to improve the security of Laravel applications.
Exakat - Exakat is a PHP static code analysis, with serious Security reviews.
phpcs-security-audit - phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code.
- docker pull guardrails/phpcs-security-audit
progpilot - A static analyzer for security purposes.
Parse - The Parse scanner is a static scanning tool to review your PHP code for potential security-related issues.
SonarPHP from SonarQube - A static code analyser for PHP language used as an extension for the SonarQube platform (200+ rules, Supports up to PHP 8, Import of unit test and coverage results, Support of custom rules)

security-checker - PHP frontend for security.symfony.com.
- docker pull guardrails/security-checker
Symfony Security Monitoring - PHP security vulnerabilities monitoring.
roave/security-advisories - Add this dependency to disallow known/vulnerable installation of packages directly through composer update
Security Advisories - A database of PHP security advisories.
php-malware-detector - PHP malware detector

DVWA - Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable.
Insecure PHP Example - This is an example application built using Silex for routing to provide examples of SQL Injection, plain text passwords and XSS.

GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
RIPS - RIPS is the leading security analysis solution for PHP
Snyk - A developer-first solution that automates finding & fixing vulnerabilities in your dependencies.
Sqreen - Automated security for your web apps - real time application security protection.
Paragon Initiative Enterprises - PHP Security and Cryptography consultants, open source library publishers.

原文：https://github.com/guardrailsio/awesome-php-security