The following are the active projects of the Consortium.

PHP Security Guide

Project Lead: Chris Shiflett

The PHP Security Guide is the flagship project of the PHP Security Consortium. This guide offers detailed information pertaining to a number of common security concerns for all PHP developers.

SecurityFocus Summaries

Project Lead: Daniel Convissor

A summary of vulnerabilities related to PHP and applications written in PHP - aggregated from the SecurityFocus weekly newsletters.


Project Lead: Ed Finkler

A tool for auditing the security of a PHP envrionment, presenting test results and suggestions in a format similar to the phpinfo() function.

Project Spotlight: SecurityFocus Summaries

The SecurityFocus Summaries project, led by Daniel Convissor, is the first step in an effort to better inform the community about vulnerability discoveries in PHP and in applications that use PHP. The summaries are aggregated from the weekly SecurityFocus newsletters, and there is an XML Feed to which you can subscribe.

(Note: Other sources of information include php|architect's PHP Security Mailing List and the Hardened-PHP Advisories.)