Snuffleupagus

Snuffleupagus is a PHP7+ module designed to drastically raise the cost of attacks against websites. This is achieved by killing entire bug classes and providing a powerful virtual-patching system, allowing the administrator to fix specific vulnerabilities without having to touch the PHP code.

Documentation

• Features
  • Bug classes killed or mitigated
  • Exploitation, post-exploitation and general hardening
• Installation
  • Manual installation
  • Upgrading
• Configuration
  • Configuration file format
  • Miscellaneous
  • Bugclass-killer features
  • Virtual-patching
• Download
  • Arch Linux
  • Alpine Linux
  • Debian and Ubuntu
  • Source code
• Changelog
  • 0.2.2 - Elephant Moraine 2018/04/12
  • 0.2.1 - Elephant Point 2018/02/07
  • 0.2.0 - Elephant Rally - 2018/01/18
  • 0.1.0 - Mighty Mammoth - 2017/12/21
• FAQ
  • General
  • Installation and configuration
  • Help and support
  • Unimplemented mitigations and abandoned ideas
• Propaganda
  • Talks
  • Articles
  • Notable users

Greetings

We would like to thank the following people:

• Suhosin, for paving the way.
• Hardened PHP, for everything they did, especially the Month of PHP Security.
• The people behind the RIPS scanner, for their ground breaking work
• NBS System, for creating and open-sourcing this piece of software
• Websec.fr, for keeping our interesting vulnerabilities alive
• Web developers around the world, for being so imaginative