The number of Internet servers running the PHP language is staggering: second Netcraft , as of January 2012, approximately 244.000.000 websites were running PHP and according to a May 2015 survey by W3Techs “PHP is used by 81,9% of all websites whose server-side programming language we know. Conclusion: PHP rules.
The appeal of PHP is that it's easy to learn, easy to develop, and flexible (although not everyone thinks PHP is a good idea ). On the other hand, as with all programming languages, PHP has security issues, so bad coding practices can leave a server vulnerable to hackers.
Even though your coding might be A+ (cough-unlikely-cough), if you allow other developers' code (i.e. code you haven't written and haven't checked for standards and coding integrity) to run on your server , you are at least to some extent vulnerable (or more likely, extremely vulnerable). Without a thorough analysis and evaluation you simply don't know if you are safe or not.
Suhosin (Korean 수호신 , Korean pronunciation: [suɦoɕin] , meaning “guardian angel”) is an open source patch for PHP and also a PHP extension, written by the German company Sektion As . Patch and extension are two independent parts, which can be used separately or in combination. “The goal behind Suhosin is to be a safety net that protects servers from insecure PHP coding practices.”
Suhosin also reduces the "attackable surface" that PHP adds to a web server through function whitelisting, resource limits, transparent session and cookie encryption, binary content filtering, logging, and various other protections. This reduces the risk of distributing previously unsafe PHP programs and protects against known and unknown attacks.
Suhosin is actually an extension pack for the PHP programming language. It was designed to increase the security of PHP and protect servers from injection attacks, cross-site scripting (XSS), and other common vulnerabilities.
One of Suhosin's main features is its ability to monitor and restrict the use of dangerous or potentially harmful features within your PHP code. For example, Suhosin can prevent the use of unauthorized variables or functions that can be exploited by an attacker to execute malicious code.
In addition to these security features, Suhosin also offers a number of options for protecting sensitive data, such as passwords and login information. For example, Suhosin can prevent password logging so that they are not accidentally logged in the server log.
Furthermore, Suhosin offers a number of tools for protecting PHP scripts from unauthorized access. For example, it can prevent unauthorized users from downloading PHP scripts or attempting to access password-protected scripts.
In summary, Suhosin is a very useful tool to increase the security of PHP servers and protect sensitive data. If you are running a PHP server, it is highly recommended that you consider using Suhosin to secure your working environment.
If you are looking for a Hosting that provides Suhosin as an additional service, our company is able to provide Suhosin Hosting.