PHP Classes
elePHPant
Icontem

BAST PHP Security Test: Test if PHP or Apache have vulnerabilities

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us
  Info   Screenshots Screenshots   View files View files (3)   DownloadInstall with Composer Download .zip   Reputation   Support forum (2)   Blog    
Last Updated Ratings Unique User Downloads Download Rankings  
2013-08-28 (1 year ago) RSS 2.0 feedStarStarStarStar 63%Total: 1,463 All time: 2,528 This week: 1,082Up
Version License PHP version Categories  
bast-security-tester 1.13.28GNU Lesser Genera...5.0PHP 5, Security
Description Author  

This class can test if the current PHP or Apache versions have security vulnerabilities.

It can determine the current versions of PHP or Apache in use as well its modules and extensions and performs checks to see if those versions have known security vulnerabilities.

The class can display the results with the list of found vulnerabilities as well URLs of the pages that describe those vulnerabilities.

Innovation Award  
PHP Programming Innovation award winner
October 2012
Winner


Prize: One downloadable copy of PhpED Professional
Apache and PHP are often used together to serve many sites throughout the Web.

Often each new version of these projects fixes bugs that can compromise the security of the Web sites on which they are used.

This class manages a database of known security bugs present in each version of Apache and PHP.

With this information, the class can tell exactly which bugs are present in the current version of Apache and PHP in use in the current site.

This information is helpful to help developers and systems administrators to determine if they need to upgrade to a newer version of Apache and PHP when the current version has known serious security bugs.

Manuel Lemos
Picture of Artur Graniszewski
Name: Artur Graniszewski is available for providing paid consulting. Contact Artur Graniszewski .
Classes: 13 packages by
Country: Poland Poland
Age: 33
All time rank: 3205 in Poland Poland
Week rank: 455 Down14 in Poland Poland Down
Innovation award
Innovation award
Nominee: 7x

Winner: 1x

Details provided by the author  
HOW TO USE:
-----------------------
1) launch the index.php file (and see it's contents for details)

or

2) include the SecurityTest.php in your application and create the MainTest like so:

new MainTest();


DISCLAIMER:
-----------------------
This is just a set of simple security tests created in PHP and targeted mainly for PHP and Apache software. If you don't see any vulnerabilities listed in report, then do not think your system is secure (it's just that this class failed to find any weakneses).

KEEPING UP TO DATE:
---------------------
This class and its database will be updated every time the new version of tested software (PHP/Apache) will be released to public.

FEEDBACK:
----------------------
If you found any bug or inconcistency in my class, please do not hesitate and contact by sending email to aargoth@boo.pl. Your feedback will be greatly appreciated and used to improve this class.

TODO:
-----------------------
Better OS detection, more detailed reports, tests for Lighthttpd, MySQL, PostgreSQL, FTP, SSH. Improved tests for open_basedir path traversal, local port scans (to detect other software installed on server but not connected with PHP).

CHANGELOG:
-----------------------
1.12.09.28:
- initial version

1.12.10.08:
- DB update: Added 3 security vulnerabilities for Apache 2.4.x (1 important, 2 low)


1.13.03.28:
- DB update: Added security vulnerabilities for Apache and PHP

1.13.09.28:
- DB update: Added security vulnerabilitues for Apache (6 moderate-to-low) and PHP (more than 8).
- Reporting End-of-life warning for old software.


Cheers,
- Artur Graniszewski

Screenshots  
  • report.png
  Files folder image Files  
File Role Description
Plain text file SecurityTest.php Class Main class
Accessible without login Plain text file index.php Example Index file
Accessible without login Plain text file readme.txt Doc. Documentation

 Version Control Unique User Downloads Download Rankings  
 0%Total:1,463All time:2,528
 This week:0This week:1,082Up
 User Ratings  
 
 All time
Utility:83%StarStarStarStarStar
Consistency:75%StarStarStarStar
Documentation:66%StarStarStarStar
Examples:75%StarStarStarStar
Tests:-
Videos:-
Overall:63%StarStarStarStar
Rank:649