Snuffleupagus is a PHP7+ and PHP8+ module designed to drastically raise the cost of attacks against websites. This is achieved by killing entire bug classes and providing a powerful virtual-patching system, allowing the administrator to fix specific vulnerabilities without having to touch the PHP code.



We would like to thank the following people:

  • Suhosin, for paving the way.

  • Hardened PHP, for everything they did, especially the Month of PHP Security.

  • The people behind the RIPS scanner, for their ground breaking work

  • NBS System, for creating and open-sourcing this piece of software

  •, for keeping our interesting vulnerabilities alive

  • Web developers around the world, for being so imaginative