souvenir
Tag cloud
Picture wall
Daily
RSS Feed
  • RSS Feed
  • Daily Feed
Filters

Links per page

  • 20 links
  • 50 links
  • 100 links

Filters

Untagged links
page 2 / 4
75 results tagged security  ✕   ✕
Harbor https://goharbor.io/
03/09/2018 cluster icon
  • Jenkins X : Jenkins X is a CI / CD platform for Kubernetes.
  • Grype : A vulnerability scanner for container images and filesystems.
  • Nikto2 : Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potent...
  • OpenVAS : OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low ...
  • Skipfish : Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursi...
thumbnail

Harbor is an open source cloud native registry that stores, signs, and scans container images for vulnerabilities.

Harbor solves common challenges by delivering trust, compliance, performance, and interoperability. It fills a gap for organizations and applications that cannot use a public or cloud-based registry, or want a consistent experience across clouds.

container cloud registry security
Cilium https://cilium.io/
20/05/2018 cluster icon
  • OpenDNS : The safest, smartest, fastest and most reliable DNS on the planet.
  • SecTools.Org : Top Network Security Tools
  • Crossbar.io : Crossbar.io is is a router for the open WAMP protocol, and it is open source. Together with the open source WAMP client libraries it is a connection f...
  • Træfɪk : Træfɪk is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease. It supports several backends (Docker, Swarm, Mesos/Mar...
  • ZeroDB : ZeroDB enables clients to run queries over encrypted databases without exposing decrypted data to the server and without a proxy gateway.
thumbnail

Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as application containers or processes. Cilium operates at Layer 3/4 to provide traditional networking and security services as well as Layer 7 to protect and secure use of modern application protocols such as HTTP, gRPC and Kafka. Cilium is integrated into common orchestration frameworks such as Kubernetes and Mesos.

microservice network security loadbalancer
Infection Monkey https://github.com/guardicore/monkey
20/05/2018 cluster icon
  • Lynis : Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. It performs an extensive health scan of your ...
  • Gitleaks : Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords,...
  • n8n.io : n8n (pronounced nodemation) helps you to interconnect each and every app with an API in the world with each other to share and manipulate its data wit...
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...
  • Rhasspy : Rhasspy (pronounced RAH-SPEE) is an open source, fully offline voice assistant toolkit for many languages that works well with Home Assistant, Hass.io...
thumbnail

The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server.

pentest security automation opensource tool
Harpoon https://github.com/Te-k/harpoon
25/03/2018 cluster icon
  • Bandit : Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs approp...
  • docopt : Command-line interface description language
  • tox : Command line driven CI frontend and development task automation tool At its core tox povides a convenient way to run arbitrary commands in isolated en...
  • Pyre : Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providi...
  • Snyk : Snyk helps you use open source and stay secure. Continuously find & fix vulnerabilities in your dependencies.
thumbnail

CLI tool for open source and threat intelligence. Harpoon is a tool to automate threat intelligence and open source intelligence tasks. It is written in Python 3 and organised in plugins so the idea is to have one plugin per platform or task.

security cli tool python
radare http://rada.re/r/
04/01/2018 cluster icon
  • OpenVAS : OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low ...
  • Copyscape : Website Plagiarism Search - Web Site Content Copyright Protection
  • WebScarab : WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols.
  • Snyk : Snyk helps you use open source and stay secure. Continuously find & fix vulnerabilities in your dependencies.
  • OpenSCAP : The OpenSCAP ecosystem provides multiple tools to assist administrators and auditors with assessment, measurement, and enforcement of security baselin...

Radare is a portable reversing framework that can...

Disassemble (and assemble for) many different architectures
Debug with local native and remote debuggers (gdb, rap, webui, r2pipe, winedbg, windbg)
Run on Linux, *BSD, Windows, OSX, Android, iOS, Solaris and Haiku
Perform forensics on filesystems and data carving
Be scripted in Python, Javascript, Go and more
Support collaborative analysis using the embedded webserver
Visualize data structures of several file types
Patch programs to uncover new features or fix vulnerabilities
Use powerful analysis capabilities to speed up reversing
Aid in software exploitation
reverseengineering debug security tool
Gixy https://github.com/yandex/gixy
06/12/2017 cluster icon
  • Pyre : Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providi...
  • BounCA : BounCA is a tool to manage your personal SSL certificates and authorities in a central and easy to use interfaces. It provides an easy accessible web ...
  • SecTools.Org : Top Network Security Tools
  • Packer : Packer is a tool for creating identical machine images for multiple platforms from a single source configuration.
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...
thumbnail

Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection.

nginx security configuration tool
BlackBox https://github.com/StackExchange/blackbox
03/12/2017 cluster icon
  • ZeroDB : ZeroDB enables clients to run queries over encrypted databases without exposing decrypted data to the server and without a proxy gateway.
  • Ockam : Ockam is a suite of open source tools, programming libraries, and managed cloud services to orchestrate end-to-end encryption, mutual authentication, ...
  • CryptPad : CryptPad is the Zero Knowledge realtime collaborative editor. Encryption carried out in your web browser protects the data from the server, the cloud ...
  • Cilium : Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as a...
  • Weblate : Weblate is a free web-based translation tool with tight Git integration. It features simple and clean user interface, propagation of translations acro...
thumbnail

Safely store secrets in a VCS repo (i.e. Git, Mercurial, Subversion or Perforce).

security encryption secrets git
webhint https://webhint.io/
03/11/2017 cluster icon
  • SPOFCheck : A CLI tool for detecting frontend SPOF, mainly blocking scripts and CSS
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...
  • Gitleaks : Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords,...
  • Diagnostic.css : Diagnostic.css is a stylesheet which allows the user to test for common errors in a page's markup. Also : https://github.com/karlgroves/diagnostic.css
  • WebPagetest : Run a free website speed test from multiple locations around the globe using real browsers (IE and Chrome) and at real consumer connection speeds.
thumbnail

webhint is a linting tool that will help you with your site's accessibility, speed, security and more, by checking your code for best practices and common errors. Use the online scanner or the CLI to start checking your site for errors.

web staticanalysis security performance ssl test cli accessibility
OverTheWire: Wargames http://overthewire.org/wargames/
26/10/2017 cluster icon
  • The Bastion : Bastions are a cluster of machines used as the unique entry point by operational teams to securely connect to devices using ssh. The Bastion provides ...
  • XSS game : Warning: You are entering the XSS game area.
  • Crafty : JavaScript Game Engine, HTML5 Game Engine
  • URL hunter : Look up at the URL bar! You are the O! You are trying to hunt the a"s. Use the left and right keys to move. When you are over an a press spacebar to s...
  • CWE/SANS Top 25 Most Dangerous Programming Errors : The CWE/SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical errors that can lead to serious vulnerabilities in so...

The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.

ssh security game
API Security Checklist https://github.com/shieldfy/API-Security-Checklist
15/07/2017 cluster icon
  • HTTP API design : This guide describes a set of HTTP+JSON API design practices, originally extracted from work on the Heroku Platform API.
  • Everything you need to know about HTTP security headers : This article explains what secure headers are and how to implement these headers in Rails, Django, Express.js, Go, Nginx, and Apache.
  • My First 10 Minutes On a Server : Primer for Securing Ubuntu
  • SQL Injection Cheat Sheet : Samples are provided to allow reader to get basic idea of a potential SQL Injection attack and almost every section includes a brief information about...
  • JSON Schema : JSON Schema is a vocabulary that allows you to annotate and validate JSON documents.
thumbnail

Checklist of the most important security countermeasures when designing, testing, and releasing your API.

api security checklist reference
Security Guide for Developers https://github.com/FallibleInc/security-guide-for-developers
26/05/2017 cluster icon
  • OWASP : The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software.
  • SQL Injection Cheat Sheet : Samples are provided to allow reader to get basic idea of a potential SQL Injection attack and almost every section includes a brief information about...
  • WhatWeb : WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content manage...
  • XSS Filter Evasion Cheat Sheet - OWASP : This article is focused on providing application security testing professionals with a guide to assist in Cross Site Scripting testing.
  • vicnum : A flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. Helpful to IT auditors honing ...
thumbnail

A practical security guide for web developers.

security web reference
XSS game https://xss-game.appspot.com/
28/02/2017 cluster icon
  • OverTheWire: Wargames : The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.
  • HTML Purifier : HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS)...
  • XSS (Cross Site Scripting) Prevention Cheat Sheet : The following rules are intended to prevent all XSS in your application. While these rules do not allow absolute freedom in putting untrusted data int...
  • XSS Filter Evasion Cheat Sheet - OWASP : This article is focused on providing application security testing professionals with a guide to assist in Cross Site Scripting testing.
  • 2016 Guide to User Data Security : This guide is for the software developer, architect or system administrator who doesn't want to spend a lifetime wading through cryptographic algorith...

Warning: You are entering the XSS game area.

xss security game
Everything you need to know about HTTP security headers https://blog.appcanary.com/2017/http-security-headers.html
05/02/2017 cluster icon
  • The SaaS CTO Security Checklist : This is a basic checklist that all SaaS CTOs (and anyone else) can use to harden their security. Security shouldn’t feel like a chore. Select your sta...
  • HTTP Security Report : Get an instant report of how your website measures up to the best practices. Check connection encryption, content security, information disclosure and...
  • HTTP Archive : The HTTP Archive tracks how the Web is built.
  • The Big List of Naughty Strings : The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
  • 2016 Guide to User Data Security : This guide is for the software developer, architect or system administrator who doesn't want to spend a lifetime wading through cryptographic algorith...

This article explains what secure headers are and how to implement these headers in Rails, Django, Express.js, Go, Nginx, and Apache.

security http reference
The SaaS CTO Security Checklist http://cto-security-checklist.sqreen.io/
27/10/2016 cluster icon
  • Run your own identity server : Running your own identity server allows you to act as an OpenID Provider. You could run one just for yourself, for a community of users or, if you wis...
  • My First 10 Minutes On a Server : Primer for Securing Ubuntu
  • API Security Checklist : Checklist of the most important security countermeasures when designing, testing, and releasing your API.
  • OWASP : The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software.
  • CWE/SANS Top 25 Most Dangerous Programming Errors : The CWE/SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical errors that can lead to serious vulnerabilities in so...
thumbnail

This is a basic checklist that all SaaS CTOs (and anyone else) can use to harden their security. Security shouldn’t feel like a chore. Select your startup stage and use these rules to improve your security. This list is far from exhaustive, incomplete by nature since the security you need depends on your assets.

security reference
Observatory https://observatory.mozilla.org/
01/09/2016 cluster icon
  • Security Headers : I built securityheaders.io after deploying security headers like CSP and HSTS to my own site. I wanted a quick and easy way to check if other sites we...
  • Zed Attack Proxy : The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be...
  • Gixy : Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection.
  • OpenVAS : OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low ...
  • mitmproxy : mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify...

Observatory by Mozilla is a project designed to help developers, system administrators, and security professionals configure their sites safely and securely.

http security scan configuration
BounCA https://www.bounca.org/
16/07/2016 cluster icon
  • Skipfish : Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursi...
  • WhatWeb : WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content manage...
  • Zed Attack Proxy : The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be...
  • webhint : webhint is a linting tool that will help you with your site's accessibility, speed, security and more, by checking your code for best practices and co...
  • WebScarab : WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols.
thumbnail

BounCA is a tool to manage your personal SSL certificates and authorities in a central and easy to use interfaces. It provides an easy accessible web interface to manage your openssl based root authority without the hassle of knowing all the arguments of the command line tools. BounCA is also an administration tool for all your signed certificates and revocation lists. Create and manage your own X.509 / PKI key and certificate trust infrastructure in a couple of minutes.

ssl security web tool selfhosted
My First 10 Minutes On a Server http://www.codelitt.com/blog/my-first-10-minutes-on-a-server-primer-for-securing-ubuntu/
06/07/2016 cluster icon
  • Run your own identity server : Running your own identity server allows you to act as an OpenID Provider. You could run one just for yourself, for a community of users or, if you wis...
  • 2016 Guide to User Data Security : This guide is for the software developer, architect or system administrator who doesn't want to spend a lifetime wading through cryptographic algorith...
  • The SaaS CTO Security Checklist : This is a basic checklist that all SaaS CTOs (and anyone else) can use to harden their security. Security shouldn’t feel like a chore. Select your sta...
  • Everything you need to know about HTTP security headers : This article explains what secure headers are and how to implement these headers in Rails, Django, Express.js, Go, Nginx, and Apache.
  • How to systematically secure anything : Security engineering is the discipline of building secure systems. Its lessons are not just applicable to computer security. In fact this repo aims to...
thumbnail

Primer for Securing Ubuntu

security server reference
2016 Guide to User Data Security https://www.inversoft.com/guides/2016-guide-to-user-data-security
06/07/2016 cluster icon
  • My First 10 Minutes On a Server : Primer for Securing Ubuntu
  • Run your own identity server : Running your own identity server allows you to act as an OpenID Provider. You could run one just for yourself, for a community of users or, if you wis...
  • XSS Filter Evasion Cheat Sheet - OWASP : This article is focused on providing application security testing professionals with a guide to assist in Cross Site Scripting testing.
  • The Big List of Naughty Strings : The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
  • Security Guide for Developers : A practical security guide for web developers.

This guide is for the software developer, architect or system administrator who doesn't want to spend a lifetime wading through cryptographic algorithms and complicated explanations of arcane system administration topics to tackle software security. We are a software development company and we have taken everything we know (and have learned through the years) about server and application security and distilled it into this simple yet detailed guide. This is not the sum of all things that could be or have been said about software security, but if you implement each of the concepts below your user data will be highly secure.

security server reference
OWASP Mutillidae II https://sourceforge.net/projects/mutillidae/
10/05/2016 cluster icon
  • XSS Filter Evasion Cheat Sheet - OWASP : This article is focused on providing application security testing professionals with a guide to assist in Cross Site Scripting testing.
  • Bandit : Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs approp...
  • Burp Suite : Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the en...
  • domsnitch : A passive reconnaissance tool inside the DOM (experimental)
  • WebScarab : WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols.

OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiest. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF, Rapid7 Metasploitable-2, and OWASP BWA. The existing version can be updated on these platforms. With dozens of vulns and hints to help the user; this is an easy-to-use web hacking environment designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an "assess the assessor" target for vulnerability assessment software.

security test learning
Security Headers https://securityheaders.com/
02/05/2016 cluster icon
  • Report URI : Report URI was founded to take the pain out of monitoring security policies like CSP and HPKP. When you can easily monitor what's happening on your si...
  • Observatory : Observatory by Mozilla is a project designed to help developers, system administrators, and security professionals configure their sites safely and se...
  • Wapiti : Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the applica...
  • mitmproxy : mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify...
  • OpenVAS : OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low ...
thumbnail

I built securityheaders.io after deploying security headers like CSP and HSTS to my own site. I wanted a quick and easy way to check if other sites were using these headers and I figured I'd turn it into a useful tool for everyone to use!
There are services out there that will analyse the HTTP response headers of other sites but I also wanted to add a rating system to the results. The HTTP response headers that this site analayses provide huge levels of protection and it's important that sites deploy them. Hopefully, by providing an easy mechanism to assess them, and further information on how to deploy missing headers, we can drive up the usage of security based headers across the web.

http security test scan service
page 2 / 4
1656 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service by the Shaarli community - Theme by kalvn