Snuffleupagus is a PHP7 module designed to drastically raise the cost of attacks against websites. This is achieved by killing entire bug classes and providing a powerful virtual-patching system, allowing the administrator to fix specific vulnerabilities without having to touch the PHP code.
The library is still in its alpha stages, however it’s getting great interest on github with 60 stars already. So make sure you don’t use it yet in production, unless you know what you are doing. There are many examples available in the documentation
Snuffleupagus has a lot of features that can be divided in two main categories: bug-classes killers and virtual-patching. The first category provides primitives to kill various bug families (like arbitrary code execution via
unserialize for example) or raise the cost of exploitation. The second category is a highly configurable system to patch functions in php itself.
Released under a GNU Lesser General Public License v3.0.