snuffleupagus: Security module for php7 and php8
snuffleupagus
Security module for php7 and php8 – Killing bugclasses and virtual-patching the rest!
Snuffleupagus is a PHP 7+ and 8+ module designed to drastically raise the cost of attacks against websites, by killing entire bug classes. It also provides a powerful virtual-patching system, allowing administrators to fix specific vulnerabilities and audit suspicious behaviours without having to touch the PHP code.
Key Features
- No noticeable performance impact
- Powerful yet simple to write virtual-patching rules
- Killing several classes of vulnerabilities
- Unserialize-based code execution
mail-based code execution- Cookie-stealing XSS
- File-upload based code execution
- Weak PRNG
- XXE
- Several hardening features
- Automatic
secureandsamesiteflag for cookies - Bundled set of rules to detect post-compromissions behaviours
- Global strict mode and type-juggling prevention
- Whitelisting of stream wrappers
- Preventing writeable files execution
- Whitelist/blacklist for
eval - Enforcing TLS certificate validation when using curl
- Request dumping capability
- Automatic
- A relatively sane code base:
- A comprehensive test suite close to 100% coverage
- Every commit is tested on several distributions
- An
clang-format-enforced code style - A comprehensive documentation
- Usage of coverity
Download & Use
©2017-2018 NBS System, 2019-2021 Julien (jvoisin) Voisin
