Secure your PHP applications with Contrast Security


Contrast is pleased to announce that support for Assess and SCA is now available for PHP applications. Although PHP represents a substantial part of server-side application development, it has been largely overlooked by security automation tools on the market today. Our customers and partners have expressed their desire for us to bring Contrast functionality to their PHP applications, and we have listened.

Our initial support for PHP focuses on the Laravel framework, considered the most popular MVC framework for PHP developers. Its main repository has 69,000 stars on GitHub, more than double that of its nearest competitor. In the most recent JetBrains Survey, 67% of all PHP developers said they use Laravel regularly. Laravel played a major role in bringing PHP into the mainstream of modern software engineering with its first-class support for dependency injection, routing library, and ORM integration.

The PHP Contrast agent is implemented as a PHP extension. To use it, simply install the agent package on your server, enable the agent extension, and set the appropriate authentication and configuration settings. Once configured, use your existing processes for manual and/or automated testing to exercise your instrumented application and allow the agent to detect and report vulnerabilities. No specific security testing is needed, as the agent will detect insecure processing of requests, whether the payload is potentially malicious or not.

By leveraging function hooks, the Contrast agent is able to observe relevant function calls, track data in the call stack, and determine when user-controlled data has been processed by the application in an insecure manner. It detects a wide variety of vulnerabilities, including SQL injection, OS command injection, path traversal, and reflected XSS (this is a non-exhaustive list).
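The data-tracking idea described above, as an added illustration in PHP; it is not Contrast's agent code and not part of the original post. The class `Tracked` and the functions `source_param` and `sink_query` are hypothetical stand-ins for engine-level hooks, and the request is constructed and deliberately benign.

```php
<?php
declare(strict_types=1);

// Simplified model of source-to-sink data tracking (assumption: a real
// agent hooks functions inside the PHP engine; these are plain wrappers).
final class Tracked
{
    public function __construct(
        public readonly string $value,
        public readonly bool $tainted,
        public readonly array $trail = []   // origins of the tainted parts
    ) {}

    // Propagation: a joined string is tainted if any of its parts is.
    public static function concat(Tracked|string ...$parts): Tracked
    {
        $value = ''; $tainted = false; $trail = [];
        foreach ($parts as $p) {
            $p = $p instanceof Tracked ? $p : new Tracked($p, false);
            $value .= $p->value;
            $tainted = $tainted || $p->tainted;
            $trail = array_merge($trail, $p->trail);
        }
        return new Tracked($value, $tainted, $trail);
    }
}

// Source hook: anything read from the request starts out tainted.
function source_param(array $request, string $name): Tracked
{
    return new Tracked((string)($request[$name] ?? ''), true, ["request param '$name'"]);
}

// Sink hook: report when tainted data forms part of the SQL text itself.
function sink_query(Tracked $sql, array $bound = []): ?string
{
    if ($sql->tainted) {
        return 'SQL injection: ' . implode(' -> ', $sql->trail) . ' -> query text';
    }
    return null; // bound values travel separately and never enter the SQL text
}

$request = ['id' => '42']; // constructed request with a harmless value

$unsafe = Tracked::concat('SELECT * FROM users WHERE id = ', source_param($request, 'id'));
$safe   = new Tracked('SELECT * FROM users WHERE id = ?', false);

var_dump(sink_query($unsafe));                               // input concatenated into the query
var_dump(sink_query($safe, [source_param($request, 'id')])); // input passed as a bound parameter
```

The finding depends on the path the data took, not on its content, which is why ordinary functional tests are enough to surface it.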

We are delighted that our PHP agent secures our customers’ applications with the same level of excellence that you expect from our other agents. If you would like to learn more about our PHP capabilities, please contact us.

Brian Sowers, Senior Technical Product Manager, Contrast Security


Brian spent 14 years in software engineering and security assurance roles, primarily focused on .NET web applications. He has worked for large tech and media companies, small startups, regulatory agencies and many more in between. He is passionate about creating applications that bridge the gap between security and engineering.
