
Bug#894821: RFP: snuffleupagus -- Security module for php7 - Killing bugclasses and virtual-patching the rest



Package: wnpp
Owner: Georg Faerber <georg@riseup.net>
Severity: wishlist

Package name    : snuffleupagus
Version         : 0.2.2
Upstream Author : 2017 NBS System
URL             : https://github.com/nbs-system/snuffleupagus
License         : GNU Lesser General Public License v3.0
Programming Lang: C / PHP
Description     : security module for php7

snuffleupagus is a PHP 7+ module designed to drastically raise the cost
of attacks against websites, by killing entire bug classes. It also
provides a powerful virtual-patching system, allowing administrators to
fix specific vulnerabilities and audit suspicious behaviours without
having to touch the PHP code.

Key Features
- Close to zero performance impact
- Powerful yet simple to write virtual-patching rules
- Killing several classes of vulnerabilities:
  - Unserialize-based code execution
  - mail()-based code execution
  - Cookie-stealing XSS
  - File-upload based code execution
  - Weak PRNG
  - XXE

Hardening features
- Automatic Secure and SameSite flags for cookies
- Bundled set of rules to detect post-compromise behaviours
- Global strict mode
- Preventing execution of writeable files
- Whitelist/blacklist for eval
- Request dumping capability

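To make the feature list above concrete, here is an added example of a snuffleupagus rules file that turns on the hardening features named in the description and adds one virtual patch. This is not taken from the bug report or from the upstream package; the directive names follow the editor's reading of the upstream documentation for the 0.2.x series and should be checked against the docs shipped with the packaged version, and the file paths and secret are placeholders. The module is loaded from php.ini with `extension=snuffleupagus.so` and pointed at this file with `sp.configuration_file=/etc/php/7.x/snuffleupagus.rules` (path assumed).

```ini
# /etc/php/7.x/snuffleupagus.rules  (path assumed)

# Mandatory: the key used to HMAC serialized data and cookies.
# Replace with a long random value; rotating it invalidates existing sessions/serialized blobs.
sp.global.secret_key("CHANGE_ME_to_a_long_random_string");

# --- Killing bug classes -------------------------------------------------
# Sign serialized payloads so unserialize() only accepts data PHP itself produced.
sp.unserialize_hmac.enable();
# Make rand()/mt_rand() draw from a CSPRNG instead of the weak default generator.
sp.harden_random.enable();
# Disable external entity loading for XML parsers.
sp.xxe_protection.enable();

# --- Hardening features ---------------------------------------------------
# Refuse to execute PHP files that are writeable by the web server user
# (defeats the usual "upload a webshell, then hit it" chain).
sp.readonly_exec.enable();
# Enforce strict_types for every file, not only those declaring it.
sp.global_strict.enable();
# Force the Secure flag on every cookie, and SameSite on the session cookie.
sp.auto_cookie_secure.enable();
sp.cookie.name("PHPSESSID").samesite("lax");
# Block the most dangerous functions inside eval()'d code.
sp.eval_blacklist.list("system,exec,shell_exec,passthru").enable();

# --- Virtual patch --------------------------------------------------------
# Drop any system() call whose "command" argument contains shell metacharacters,
# without touching the application code. value_r() is a regular expression.
sp.disable_function.function("system").param("command").value_r("[$|;&`\\n]").drop();
```

A practitioner would roll this out in stages: enable one directive at a time and watch the PHP error log, because `readonly_exec` and `global_strict` in particular will surface latent application bugs (world-writeable deployment directories, implicit int/string coercions) as hard failures rather than warnings.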