Releases: dgtlss/owaspadvisor

v1.0.2

20 May 08:48

Improve the checkDebugMode function to reduce the number of false flags.

With the previous setup in version 1.0.1 the package would detect add() and flag this as a dd() detection.
This is a false flag and needed to be resolved to improve the accuracy of the OWASP report.

Also added the --dev flag to the composer require command, as this is a package that should ideally be run in your local environment to resolve any issues within your application.
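As an added example (not the package's own checkDebugMode code, whose implementation is not shown on this page), the scan below reproduces the add()-flagged-as-dd() false positive described above and contrasts it with a boundary-aware match; the function names and sample lines are hypothetical.

```php
<?php
// Added example: why a bare substring match flags add() as dd(), and a
// boundary-aware pattern that only matches a stand-alone debug call.

// Constructed sample source lines (not from any real application).
$sampleLines = [
    '$total = add($price, $tax);',                 // must NOT be flagged
    '    dd($request->all());',                    // must be flagged
    'collect($items)->each(fn ($i) => dump($i));', // must be flagged
    '$this->padd($value);',                        // must NOT be flagged
    'dd ($user);',                                 // flagged: space before paren
];

/**
 * Substring check. Any occurrence of "dd(" matches, so add(, padd( and
 * similar identifiers are reported as debug calls (the false positive the
 * release note describes; the actual 1.0.1 code is not reproduced here).
 */
function naiveDebugScan(array $lines): array
{
    $hits = [];
    foreach ($lines as $n => $line) {
        if (strpos($line, 'dd(') !== false || strpos($line, 'dump(') !== false) {
            $hits[] = $n + 1; // 1-based line number
        }
    }
    return $hits;
}

/**
 * Boundary-aware check. The debug function name must not be preceded by a
 * word character, "$", "->" or "::" (so add(), $dd() and ->dd() are ignored)
 * and must be followed by optional whitespace and an opening parenthesis.
 */
function boundaryDebugScan(array $lines): array
{
    $pattern = '/(?<![\w$>:])(?:dd|dump|var_dump|print_r)\s*\(/';
    $hits = [];
    foreach ($lines as $n => $line) {
        if (preg_match($pattern, $line) === 1) {
            $hits[] = $n + 1;
        }
    }
    return $hits;
}

echo 'naive:    ' . implode(', ', naiveDebugScan($sampleLines)) . PHP_EOL;
echo 'boundary: ' . implode(', ', boundaryDebugScan($sampleLines)) . PHP_EOL;
```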

V1.0.1

18 May 22:57

Fixed an issue where users were seeing:

Target class [Dgtlss\OWASPAdvisor\Commands\SecurityAuditCommand] does not exist

Version 1.0.0 Release!

15 May 12:36
68ffd52

OWASP Advisor for Laravel - Version 1.0.0 Release Notes

This package is designed to help Laravel developers ensure their applications adhere to the OWASP Top 10 (2021) security guidelines by providing automated security audits and actionable insights.

✨ Key Features

  • Automated Security Audits: Perform comprehensive security checks based on the latest OWASP Top 10 guidelines:
    • A01: Broken Access Control
    • A02: Cryptographic Failures
    • A03: Injection
    • A04: Insecure Design
    • A05: Security Misconfiguration
    • A06: Vulnerable and Outdated Components
    • A07: Identification and Authentication Failures
    • A08: Software and Data Integrity Failures
    • A09: Security Logging and Monitoring Failures
    • A10: Server-Side Request Forgery
  • Multiple Report Formats: Generate security reports in various formats:
    • Console output for quick checks.
    • JSON format for programmatic access.
    • Detailed HTML reports for comprehensive reviews.
  • Configurable Checks: Customise security check thresholds, report storage locations, notification settings, and more via the config/owaspadvisor.php file.
  • Laravel Integration: Seamlessly integrates with Laravel's notification system for security alerts.
  • Interactive CLI:
    • Learn about each OWASP Top 10 category with detailed descriptions using php artisan owasp:info.
    • Easily run audits directly from the command line (php artisan owasp:audit).

🚀 Getting Started

Installation

Install the package via Composer:

composer require dgtlss/owaspadvisor

Publish the configuration and view files:

php artisan vendor:publish --provider="Dgtlss\OWASPAdvisor\OWASPAdvisorServiceProvider" --tag=config
php artisan vendor:publish --provider="Dgtlss\OWASPAdvisor\OWASPAdvisorServiceProvider" --tag=views

Usage

  • Learn about OWASP Top 10:
    php artisan owasp:info
  • Run a Security Audit:
    php artisan owasp:audit
    php artisan owasp:audit --format=json
    php artisan owasp:audit --format=html --save

🛠️ Configuration

Customise the package behaviour by editing the config/owaspadvisor.php file after publishing. This includes settings for:

  • Security check thresholds
  • Report storage location
  • Notification settings
  • Security headers configuration
  • Password requirements
  • Rate limiting rules

We hope this tool helps you build more secure Laravel applications!