phpSec

phpSec will help webmasters that can't afford to pay thousands and thousands of dollars every month for advanced security systems or Web-based firewalls.

The library provides a free set of tools that will help them protect their applications against a series of basic attacks and vulnerabilities in PHP-based applications.

While pretty secure, phpSec is also developer friendly, being written in OOP PHP and currently being made Composer-friendly for easy inclusion in any project around.

Features:

• Automatically encrypt data
• Random data generator
• Support for password hashing
• Secure session handler
• CSRF protection
• Command Injection protection
• Yubikey integration
• Authy integration
• Google Autenticator integration
• Powerful XSS filter
• PSR-0 compatible
• Composer friendly

What is new in this release:

• Use timing safe comparison when comparing hashes.
• Default password hashing method is now Bcrypt.
• Clean up the way we start sessions.
• Add a timing safe comparison function (\phpSec\String\Compare).

Requirements:

• PHP 5.3.7 or higher