Download the PHP package dgtlss/owaspadvisor without Composer
On this page you can find all versions of the php package dgtlss/owaspadvisor. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package owaspadvisor
Short Description A Laravel package to help developers implement OWASP Top 10 security guidelines
License MIT
Information about the package owaspadvisor
OWASP Advisor for Laravel
A Laravel package that helps developers ensure their applications follow OWASP Top 10 security guidelines.
Features
- Automated security audits based on OWASP Top 10 guidelines (2021)
- Comprehensive security checks across multiple categories:
  - A01: Broken Access Control
  - A02: Cryptographic Failures
  - A03: Injection
  - A04: Insecure Design
  - A05: Security Misconfiguration
  - A06: Vulnerable and Outdated Components
  - A07: Identification and Authentication Failures
  - A08: Software and Data Integrity Failures
  - A09: Security Logging and Monitoring Failures
  - A10: Server-Side Request Forgery
- Multiple report formats (Console, JSON, HTML)
- Configurable security checks and thresholds
- Integration with Laravel's notification system for security alerts
- Interactive command-line interface with detailed OWASP information
Installation
You can install the package via composer:
After installation, publish the configuration file:
To publish the views:
Usage
Learning About OWASP Top 10
To learn more about the OWASP Top 10 security risks and get detailed descriptions:
This interactive command will:
- Display information about each OWASP Top 10 category
- Provide descriptions and context for each security risk
- Offer the option to run a security audit immediately
- Link to the official OWASP documentation
Running a Security Audit
To perform a quick OWASP security audit of your Laravel application, use:
OWASP Security Checks
The package performs comprehensive checks in the following categories:
- Broken Access Control (A01:2021)
  - Authorization middleware usage
  - Role-based access control implementation
  - CORS configuration validation
- Cryptographic Failures (A02:2021)
  - HTTPS configuration
  - Encryption at rest
  - Password hashing algorithms and settings
- Injection (A03:2021)
  - SQL injection prevention
  - XSS vulnerabilities
  - CSRF protection
- Security Configuration (A04:2021)
  - Debug mode settings
  - Security headers
  - Error handling configuration
- Authentication (A05:2021)
  - Password policies
  - Session security
  - Rate limiting implementation
Security Reports
Reports can be generated in three formats:
Console Output
JSON Format
HTML Report
A detailed HTML report that can be saved to your storage directory.
Configuration
The package configuration file (config/owaspadvisor.php) allows you to customize:
- Security check thresholds
- Report storage location
- Notification settings
- Security headers configuration
- Password requirements
- Rate limiting rules
Contributing
Please see CONTRIBUTING.md for details.
All versions of owaspadvisor with dependencies
- laravel/framework: ^10.0|^11.0|^12.0
- illuminate/support: ^10.0|^11.0|^12.0
- illuminate/contracts: ^10.0|^11.0|^12.0