dgtlss/owaspadvisor - PHPackages

Active · Library · [Security](/categories/security)

dgtlss/owaspadvisor
===================

A Laravel package to help developers implement OWASP Top 10 security guidelines

1.1.0 (6mo ago) · 318.1k ↑33.3% · 1 · MIT · PHP · PHP ^8.2

Since May 15 · Pushed 6mo ago · 1 watcher

[Source](https://github.com/dgtlss/owaspadvisor) · [Packagist](https://packagist.org/packages/dgtlss/owaspadvisor) · [RSS](/packages/dgtlss-owaspadvisor/feed) · branch main · Synced 2d ago

README · Changelog (4) · Dependencies (6) · Versions (5) · Used By (0)

OWASP Advisor for Laravel
=========================

A Laravel package that helps developers ensure their applications follow OWASP Top 10 security guidelines.

Features
--------

- Automated security audits based on OWASP Top 10 guidelines (2025)
- Comprehensive security checks across multiple categories:
    - A01: Broken Access Control
    - A02: Security Misconfiguration
    - A03: Software Supply Chain Failures
    - A04: Cryptographic Failures
    - A05: Injection
    - A06: Insecure Design
    - A07: Authentication Failures
    - A08: Software or Data Integrity Failures
    - A09: Security Logging and Alerting Failures
    - A10: Mishandling of Exceptional Conditions
- Multiple report formats (Console, JSON, HTML)
- Configurable security checks and thresholds
- Integration with Laravel's notification system for security alerts
- Interactive command-line interface with detailed OWASP information

Installation
------------

You can install the package via composer:

```
composer require dgtlss/owaspadvisor --dev
```

After installation, publish the configuration file:

```
php artisan vendor:publish --provider="Dgtlss\OWASPAdvisor\OWASPAdvisorServiceProvider" --tag=config
```

To publish the views:

```
php artisan vendor:publish --provider="Dgtlss\OWASPAdvisor\OWASPAdvisorServiceProvider" --tag=views
```

Usage
-----

### Learning About OWASP Top 10

To learn more about the OWASP Top 10 security risks and get detailed descriptions:

```
php artisan owasp:info
```

This interactive command will:

- Display information about each OWASP Top 10 category
- Provide descriptions and context for each security risk
- Offer the option to run a security audit immediately
- Link to the official OWASP documentation

### Running a Security Audit

To perform a quick OWASP security audit of your Laravel application, use:

```
# Run a basic security audit with console output
php artisan owasp:audit

# Generate a JSON report
php artisan owasp:audit --format=json

# Generate and save an HTML report
php artisan owasp:audit --format=html --save
```

### OWASP Security Checks

The package performs comprehensive checks in the following categories:

1. **Broken Access Control (A01:2025)**

    - Authorization middleware usage
    - Role-based access control implementation
    - CORS configuration validation
    - Server-Side Request Forgery (SSRF) protection
2. **Security Misconfiguration (A02:2025)**

    - Debug mode settings
    - Security headers
    - Error handling configuration
    - Environment-specific configurations
3. **Software Supply Chain Failures (A03:2025)**

    - Dependency vulnerability scanning
    - Package integrity verification
    - Build pipeline security
    - Third-party component management
4. **Cryptographic Failures (A04:2025)**

    - HTTPS configuration
    - Encryption at rest
    - Password hashing algorithms and settings
    - Key management practices
5. **Injection (A05:2025)**

    - SQL injection prevention
    - XSS vulnerabilities
    - CSRF protection
    - Command injection prevention
6. **Insecure Design (A06:2025)**

    - Threat modeling documentation
    - Secure design patterns
    - Business logic validation
    - Defense in depth implementation
7. **Authentication Failures (A07:2025)**

    - Password policies
    - Session security
    - Rate limiting implementation
    - Multi-factor authentication
8. **Software or Data Integrity Failures (A08:2025)**

    - CI/CD pipeline integrity
    - Code signing verification
    - Database integrity checks
    - Update mechanism security
9. **Security Logging and Alerting Failures (A09:2025)**

    - Security event logging
    - Alerting mechanisms
    - Log retention policies
    - Monitoring integration
10. **Mishandling of Exceptional Conditions (A10:2025)**

    - Exception handling best practices
    - Resource cleanup
    - Timeout handling
    - Circuit breaker patterns

Security Reports
----------------

Reports can be generated in three formats:

### Console Output

```
BROKEN ACCESS CONTROL (A01:2025)
---------------------------------
✓ Authorization Middleware: Properly configured
⚠ Role Permissions: Some endpoints lack role checks
✓ CORS Configuration: Secure configuration detected
✓ SSRF Protection: External request validation found

SECURITY MISCONFIGURATION (A02:2025)
------------------------------------
⚠ Debug Mode: Debug mode enabled in non-production
✓ Security Headers: All recommended headers configured
✓ Error Handling: Custom exception handler implemented

SOFTWARE SUPPLY CHAIN (A03:2025)
----------------------------------
✓ Dependency Audit: Security scanning tools configured
⚠ Package Signing: Git commit signing not configured
✓ Build Pipeline: CI/CD integrity checks in place

CRYPTOGRAPHIC FAILURES (A04:2025)
-------------------------------
✓ HTTPS Only: Enforced
✓ Encryption at Rest: Using AES-256
⚠ Password Hashing: Using default algorithm
```

### JSON Format

```
{
  "access_control": {
    "status": "warning",
    "checks": {
      "middleware_usage": {
        "status": "success",
        "message": "Authorization middleware properly configured"
      },
      "ssrf_protection": {
        "status": "success",
        "message": "External request validation implemented"
      }
    }
  },
  "supply_chain": {
    "status": "warning",
    "checks": {
      "dependency_audit": {
        "status": "success",
        "message": "Security scanning tools configured"
      }
    }
  }
}
```
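The JSON format exists so that something other than a human can consume the audit, and the usual consumer is a CI job that fails the build on findings. The script below is an added example written for this page, not code shipped by dgtlss/owaspadvisor. It reads a report whose shape follows the sample above (category → `status`, `checks` → `status`/`message`), lists every check that is not `success`, and chooses an exit code. The sample report is constructed inline: the `access_control` section and the `success`/`warning` statuses come from the README, while the `cryptographic` section, the `role_permissions` and `password_hashing` check names, the `error` status, and the `--strict` flag are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Added example (not part of the dgtlss/owaspadvisor package): gate a CI job on
// the JSON report produced by `php artisan owasp:audit --format=json`.
// The report shape (category => status + checks => status/message) follows the
// README sample; statuses other than "success"/"warning" are an assumption and
// are treated as failures so an unexpected report cannot silently pass.

/**
 * Walk a decoded report and return the non-successful checks, grouped by
 * severity. A category without a "checks" array is itself reported as a
 * failure rather than skipped.
 *
 * @param array<string, mixed> $report
 * @return array{warnings: list<string>, failures: list<string>}
 */
function triageReport(array $report): array
{
    $warnings = [];
    $failures = [];

    foreach ($report as $category => $section) {
        $checks = is_array($section) ? ($section['checks'] ?? null) : null;
        if (!is_array($checks)) {
            $failures[] = sprintf('%s: no checks present in report', $category);
            continue;
        }
        foreach ($checks as $name => $check) {
            $status  = is_array($check) ? ($check['status'] ?? 'missing') : 'missing';
            $message = is_array($check) ? ($check['message'] ?? '(no message)') : '(no message)';
            $line    = sprintf('%s/%s: %s', $category, $name, $message);

            if ($status === 'success') {
                continue;
            }
            if ($status === 'warning') {
                $warnings[] = $line;
            } else {
                // "error", "missing" or anything unknown: fail closed.
                $failures[] = sprintf('%s [status=%s]', $line, $status);
            }
        }
    }

    return ['warnings' => $warnings, 'failures' => $failures];
}

/**
 * Exit code policy: failures always break the build (2); warnings break it
 * only in strict mode (1), which you enable once the baseline is clean.
 *
 * @param array{warnings: list<string>, failures: list<string>} $triage
 */
function exitCodeFor(array $triage, bool $strict): int
{
    if ($triage['failures'] !== []) {
        return 2;
    }
    if ($strict && $triage['warnings'] !== []) {
        return 1;
    }
    return 0;
}

// Constructed sample: the README's access_control section plus an assumed
// "cryptographic" section carrying an assumed "error" status.
$sampleJson = <<<'JSON'
{
  "access_control": {
    "status": "warning",
    "checks": {
      "middleware_usage": {"status": "success", "message": "Authorization middleware properly configured"},
      "role_permissions": {"status": "warning", "message": "Some endpoints lack role checks"}
    }
  },
  "cryptographic": {
    "status": "error",
    "checks": {
      "password_hashing": {"status": "error", "message": "Password hashing configuration could not be verified"}
    }
  }
}
JSON;

// Usage: php owasp-gate.php [report.json] [--strict]   (file name is hypothetical)
$args       = array_slice($argv, 1);
$strict     = in_array('--strict', $args, true);
$paths      = array_values(array_filter($args, fn (string $a): bool => $a !== '--strict'));
$reportPath = $paths[0] ?? null;

$raw = $reportPath === null ? $sampleJson : file_get_contents($reportPath);
if ($raw === false) {
    fwrite(STDERR, "cannot read report: {$reportPath}\n");
    exit(2);
}
$report = json_decode($raw, true, 512, JSON_THROW_ON_ERROR);

$triage = triageReport($report);
foreach ($triage['warnings'] as $w) {
    echo "WARN  {$w}\n";
}
foreach ($triage['failures'] as $f) {
    echo "FAIL  {$f}\n";
}
exit(exitCodeFor($triage, $strict));
```

Run without arguments it triages the embedded sample and exits 2 because of the assumed `error` check; pointed at a real `--format=json` report it behaves the same way, and `--strict` additionally turns warnings such as the README's "Some endpoints lack role checks" into a failing build. The fail-closed handling of unknown statuses is deliberate: a renamed status value in a future package version should surface as a red build, not as a quietly green one.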

### HTML Report

A detailed HTML report that can be written to your storage directory with `php artisan owasp:audit --format=html --save`.

Configuration
-------------

The package configuration file (`config/owaspadvisor.php`) allows you to customize:

- Security check thresholds
- Report storage location
- Notification settings
- Security headers configuration
- Password requirements
- Rate limiting rules

Contributing
------------

Please see [CONTRIBUTING.md](CONTRIBUTING.md) for details.

### Health Score

44 (Fair): Better than 90% of packages

- Maintenance: 66 (Regular maintenance activity)
- Popularity: 34 (Limited adoption so far)
- Community: 10 (Small or concentrated contributor base)
- Maturity: 53 (Maturing project, gaining track record)
- Bus Factor: 1 (Top contributor holds 87.5% of commits — single point of failure)

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: every ~71 days
- Total: 4
- Last release: 201d ago

### Community

Maintainers: [Nathan Langer](/maintainers/dgtlss) ([@dgtlss](https://github.com/dgtlss))

---

Top contributors: [nlangerdevtbg](https://github.com/nlangerdevtbg) (7 commits), [dgtlss](https://github.com/dgtlss) (1 commit)

---

Tags: laravel, laravel-owasp, laravel-package, laravel-security, laravel-security-checker, owasp, owasp-2025, owasp-top-10, owasp-top-ten

### Code Quality

Tests: PHPUnit

### Embed Badge

![Health badge](/badges/dgtlss-owaspadvisor/health.svg)

```
[![Health](https://phpackages.com/badges/dgtlss-owaspadvisor/health.svg)](https://phpackages.com/packages/dgtlss-owaspadvisor)
```

### Alternatives

- [api-platform/laravel](/packages/api-platform-laravel): API Platform support for Laravel (58171.5k14)
- [psalm/plugin-laravel](/packages/psalm-plugin-laravel): Psalm plugin for Laravel (3355.3M345)
- [laravel/ai](/packages/laravel-ai): The official AI SDK for Laravel. (1.0k3.2M193)
- [illuminate/encryption](/packages/illuminate-encryption): The Illuminate Encryption package. (9630.7M326)
- [moonshine/moonshine](/packages/moonshine-moonshine): Laravel administration panel (1.3k253.1k81)
- [tallstackui/tallstackui](/packages/tallstackui-tallstackui): TallStackUI is a powerful suite of Blade components that elevate your workflow of Livewire applications. (725173.0k14)

PHPackages © 2026

