Secure your PHP Applications with Contrast Security

    
Contrast is pleased to announce that Assess and SCA support is now available for PHP applications. Although PHP represents a substantial share of server-side application development, it has been widely neglected by the security automation tools currently on the market. Our customers and partners have told us that they want Contrast’s capabilities for their PHP applications, and we’ve listened.

Our initial support for PHP focuses on the Laravel framework, considered the most popular MVC framework for PHP developers. Its primary repo has 69,000 stars on GitHub, more than double its closest competitor. In the most recent JetBrains survey, 67% of all PHP developers reported using Laravel regularly. Laravel has played a major role in bringing PHP into the modern software engineering mainstream with its first-class support for dependency injection, its routing library, and its ORM integration.

The Contrast PHP agent is implemented as a PHP extension. To use it, install the agent package on your server, enable the agent extension, and set the appropriate authentication and configuration settings. Once configured, use your existing processes for manual and/or automated testing to exercise your instrumented application so that the agent can observe and report vulnerabilities. No specific security testing is needed, as the agent will detect unsafe handling of requests whether the payload is potentially malicious or not.

By taking advantage of function hooks, the Contrast agent is able to observe relevant function calls, trace data through the call stack, and determine when user-controlled data has been handled by the application in insecure ways. It detects a wide variety of vulnerabilities, including SQL injection, OS command injection, path traversal, and reflected XSS (this is a non-exhaustive list).

We are excited to have our PHP agent secure our customers’ applications with the same level of excellence that you’ve come to expect from our other agents. If you’d like to hear more about how Contrast can cover your entire software stack from front-end to back-end, feel free to reach out to us to schedule a demo; our team would be happy to help.

Brian Sowers, Senior Technical Product Manager, Contrast Security

Brian spent 14 years in software engineering and security assurance roles focused largely on .NET web applications. He has worked for large technology and media companies, small startups, regulatory agencies, and many others in between. He is passionate about building applications that bridge the gap between security and engineering.