From fc82f09a109e2ba84d037804c43ad36b0e2d2774 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Sat, 5 Jan 2019 15:41:02 +0100 Subject: Improve a bit the readme --- README.md | 62 ++++++++++++++++++++++++++++++++++---------------------------- 1 file changed, 34 insertions(+), 28 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index 346f0f8..96732d7 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@


- Snuffleupagus' logo + Snuffleupagus' logo
Snuffleupagus
@@ -15,28 +15,28 @@ alt="Travis-ci"> - gitlab pipeline testing _all_ distributions - + gitlab pipeline testing _all_ distributions + - Coverity - + Coverity + CII Best Practises + alt="CII Best Practises"> readthedocs.org + alt="readthedocs.org"> coveralls + alt="coveralls"> twitter + alt="twitter">

@@ -44,9 +44,9 @@ Key FeaturesDownloadExamples • - Documentation • + DocumentationLicense • - Thanks + Thanks

Snuffleupagus is a [PHP 7+](https://secure.php.net/) module designed to 
@@ -60,21 +60,27 @@ without having to touch the PHP code. * Close to zero performance impact * Powerful yet simple to write virtual-patching rules * Killing several classes of vulnerabilities - * [Unserialize-based](https://www.owasp.org/images/9/9e/Utilizing-Code-Reuse-Or-Return-Oriented-Programming-In-PHP-Application-Exploits.pdf) code execution - * [`mail`-based]( https://blog.ripstech.com/2016/roundcube-command-execution-via-email/ ) code execution - * Cookie-stealing [XSS]( https://en.wikipedia.org/wiki/Cross-site_scripting ) - * File-upload based code execution - * Weak PRNG - * [XXE]( https://en.wikipedia.org/wiki/XML_external_entity_attack ) -* Hardening features - * Automatic `secure` and `samesite` flag for cookies - * Bundled set of rules to detect post-compromissions behaviours - * Global [strict mode]( https://secure.php.net/manual/en/migration70.new-features.php#migration70.new-features.scalar-type-declarations) and type-juggling prevention - * Whitelisting of [stream wrappers](https://secure.php.net/manual/en/intro.stream.php) - * Preventing writeable files execution - * Whitelist/blacklist for `eval` - * Enforcing TLS certificate validation when using [curl](https://secure.php.net/manual/en/book.curl.php) - * Request dumping capability + * [Unserialize-based](https://www.owasp.org/images/9/9e/Utilizing-Code-Reuse-Or-Return-Oriented-Programming-In-PHP-Application-Exploits.pdf) code execution + * [`mail`-based]( https://blog.ripstech.com/2016/roundcube-command-execution-via-email/ ) code execution + * Cookie-stealing [XSS]( https://en.wikipedia.org/wiki/Cross-site_scripting ) + * File-upload based code execution + * Weak PRNG + * [XXE]( https://en.wikipedia.org/wiki/XML_external_entity_attack ) +* Several hardening features + * Automatic `secure` and `samesite` flag for cookies + * Bundled set of rules to detect post-compromissions behaviours + * Global [strict mode]( 
https://secure.php.net/manual/en/migration70.new-features.php#migration70.new-features.scalar-type-declarations) and type-juggling prevention + * Whitelisting of [stream wrappers](https://secure.php.net/manual/en/intro.stream.php) + * Preventing writeable files execution + * Whitelist/blacklist for `eval` + * Enforcing TLS certificate validation when using [curl](https://secure.php.net/manual/en/book.curl.php) + * Request dumping capability +* A relatively sane codebase: + * A [comprehensive](https://coveralls.io/github/nbs-system/snuffleupagus?branch=master) testsuite + * Every commit is tested on [several distributions](https://gitlab.com/jvoisin/snuffleupagus/pipelines) + * An `clang-format`-enfored code style + * A [comprehensive documentation](https://snuffleupagus.rtfd.io) + * Usage of [coverity](https://scan.coverity.com/projects/nbs-system-snuffleupagus) ## Download -- cgit v1.3
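Review bot: in the badge hunk (`@@ -15,28 +15,28 @@`), the added alt text `alt="CII Best Practises"` misspells the name of the program the badge comes from; it should read `alt="CII Best Practices"`. The other alt texts in that hunk (`Travis-ci`, `Coverity`, `readthedocs.org`, `coveralls`, `twitter`) are fine.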
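Review bot: several wording slips in the feature-list hunk (`@@ -60,21 +60,27 @@`) are carried over or newly introduced in the `+` lines. "Bundled set of rules to detect post-compromissions behaviours" should say "post-compromise behaviours"; "An `clang-format`-enfored code style" should be "A `clang-format`-enforced code style"; "Preventing writeable files execution" reads better as "Preventing execution of writeable files"; "A comprehensive documentation" should drop the article, and "Usage of coverity" should capitalise the product name. Separately, most of the hunk is a pure re-indentation of the existing vulnerability-class and hardening bullets; either mention that in the commit message or split it from the substantive addition (the new "A relatively sane codebase" section) so the real change is easier to spot in review.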