Code Monkey home page Code Monkey logo

php-vulnerability-test-suite's Introduction

PHP Vulnerability test suite

Collection of vulnerable and fixed PHP synthetic test cases expressing specific flaws.

You can search for speficic files and /or vulnerabilities on https://samate.nist.gov/SARD/search.php where the test suite is hosted.

Vulnerability categories description

  • IDOR : Insecure Direct Object Reference

    • CWE 862 : Missing Authorization

  • Injection : Injection

    • CWE 78 : OS Command Injection
    • CWE 89 : SQL Injection
    • CWE 90 : LDAP Injection
    • CWE 91 : XML Injection
    • CWE 95 : File Injection
    • CWE 98 : PHP Remote File Inclusion

  • SDE : Sensitive Data Exposure

    • CWE 311 : Missing Encryption of Sensitive Data
    • CWE 327 : Use of a Broken or Risky Cryptographic Algorithm

  • SM : Security Misconfiguration

    • CWE 209 : Information Exposure Through an Error Message

  • URF : URL Redirects and Forwards

    • CWE 601 : URL Redirection to Untrusted Site

  • XSS : Cross-site Scripting

    • CWE 79 : Cross-site Scripting

Output report

The test suite contains:

Vulnerability Safe samples Unsafe samples Total samples
IDOR 400 80 480
Injection 20912 5920 26832
SDE 5 7 12
SM 5 3 8
URF 2208 2592 4800
XSS 5728 4352 10080
Total 29258 12954 42212

Directory tree

Vulnerability categories
└── CWE numbers
    ├── Safe samples
    │   └── PHP files
    └── Unsafe samples
        └── PHP files

Discussion

For discussion please send me an email at: Bertrand 'dot' STIVALET 'at' gmail.com

php-vulnerability-test-suite's People

Contributors

rahmiy avatar stivalet avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.