souvenir
Tag cloud
Picture wall
Daily
RSS Feed
  • RSS Feed
  • Daily Feed
Filters

Links per page

  • 20 links
  • 50 links
  • 100 links

Filters

Untagged links
page 2 / 4
75 results tagged security  ✕   ✕
Cilium https://cilium.io/
20/05/2018 cluster icon
  • Træfɪk : Træfɪk is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease. It supports several backends (Docker, Swarm, Mesos/Mar...
  • SecTools.Org : Top Network Security Tools
  • DNS Report : The free, thorough report on the DNS for your domain
  • OpenDNS : The safest, smartest, fastest and most reliable DNS on the planet.
  • Crossbar.io : Crossbar.io is is a router for the open WAMP protocol, and it is open source. Together with the open source WAMP client libraries it is a connection f...
thumbnail

Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as application containers or processes. Cilium operates at Layer 3/4 to provide traditional networking and security services as well as Layer 7 to protect and secure use of modern application protocols such as HTTP, gRPC and Kafka. Cilium is integrated into common orchestration frameworks such as Kubernetes and Mesos.

microservice network security loadbalancer
Infection Monkey https://github.com/guardicore/monkey
20/05/2018 cluster icon
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...
  • n8n.io : n8n (pronounced nodemation) helps you to interconnect each and every app with an API in the world with each other to share and manipulate its data wit...
  • Lynis : Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. It performs an extensive health scan of your ...
  • Gitleaks : Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords,...
  • Caire : Caire is a content aware image resize library
thumbnail

The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server.

pentest security automation opensource tool
Harpoon https://github.com/Te-k/harpoon
25/03/2018 cluster icon
  • tox : Command line driven CI frontend and development task automation tool At its core tox povides a convenient way to run arbitrary commands in isolated en...
  • Pyre : Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providi...
  • Bandit : Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs approp...
  • Snyk : Snyk helps you use open source and stay secure. Continuously find & fix vulnerabilities in your dependencies.
  • docopt : Command-line interface description language
thumbnail

CLI tool for open source and threat intelligence. Harpoon is a tool to automate threat intelligence and open source intelligence tasks. It is written in Python 3 and organised in plugins so the idea is to have one plugin per platform or task.

security cli tool python
radare http://rada.re/r/
04/01/2018 cluster icon
  • SensioLabs Security Advisories Checker : The SensioLabs security advisories checker is a simple tool, available as a web service or as an online application, that uses the information from yo...
  • Snyk : Snyk helps you use open source and stay secure. Continuously find & fix vulnerabilities in your dependencies.
  • OpenSCAP : The OpenSCAP ecosystem provides multiple tools to assist administrators and auditors with assessment, measurement, and enforcement of security baselin...
  • Duckie : A tool for one person pairing.
  • Harpoon : CLI tool for open source and threat intelligence. Harpoon is a tool to automate threat intelligence and open source intelligence tasks. It is written ...

Radare is a portable reversing framework that can...

Disassemble (and assemble for) many different architectures
Debug with local native and remote debuggers (gdb, rap, webui, r2pipe, winedbg, windbg)
Run on Linux, *BSD, Windows, OSX, Android, iOS, Solaris and Haiku
Perform forensics on filesystems and data carving
Be scripted in Python, Javascript, Go and more
Support collaborative analysis using the embedded webserver
Visualize data structures of several file types
Patch programs to uncover new features or fix vulnerabilities
Use powerful analysis capabilities to speed up reversing
Aid in software exploitation
reverseengineering debug security tool
Gixy https://github.com/yandex/gixy
06/12/2017 cluster icon
  • DNS Report : The free, thorough report on the DNS for your domain
  • sqlmap : sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of databa...
  • SensioLabs Security Advisories Checker : The SensioLabs security advisories checker is a simple tool, available as a web service or as an online application, that uses the information from yo...
  • Observatory : Observatory by Mozilla is a project designed to help developers, system administrators, and security professionals configure their sites safely and se...
  • Gitleaks : Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords,...
thumbnail

Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection.

nginx security configuration tool
BlackBox https://github.com/StackExchange/blackbox
03/12/2017 cluster icon
  • CryptPad : CryptPad is the Zero Knowledge realtime collaborative editor. Encryption carried out in your web browser protects the data from the server, the cloud ...
  • Ockam : Ockam is a suite of open source tools, programming libraries, and managed cloud services to orchestrate end-to-end encryption, mutual authentication, ...
  • ZeroDB : ZeroDB enables clients to run queries over encrypted databases without exposing decrypted data to the server and without a proxy gateway.
  • My First 10 Minutes On a Server : Primer for Securing Ubuntu
  • Pyre : Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providi...
thumbnail

Safely store secrets in a VCS repo (i.e. Git, Mercurial, Subversion or Perforce).

security encryption secrets git
webhint https://webhint.io/
03/11/2017 cluster icon
  • Burp Suite : Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the en...
  • SPOFCheck : A CLI tool for detecting frontend SPOF, mainly blocking scripts and CSS
  • Phantomas : PhantomJS-based web performance metrics collector and monitoring tool
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...
  • Nikto2 : Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potent...
thumbnail

webhint is a linting tool that will help you with your site's accessibility, speed, security and more, by checking your code for best practices and common errors. Use the online scanner or the CLI to start checking your site for errors.

web staticanalysis security performance ssl test cli accessibility
OverTheWire: Wargames http://overthewire.org/wargames/
26/10/2017 cluster icon
  • The Bastion : Bastions are a cluster of machines used as the unique entry point by operational teams to securely connect to devices using ssh. The Bastion provides ...
  • XSS game : Warning: You are entering the XSS game area.
  • domsnitch : A passive reconnaissance tool inside the DOM (experimental)
  • Burp Suite : Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the en...
  • How to systematically secure anything : Security engineering is the discipline of building secure systems. Its lessons are not just applicable to computer security. In fact this repo aims to...

The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.

ssh security game
API Security Checklist https://github.com/shieldfy/API-Security-Checklist
15/07/2017 cluster icon
  • My First 10 Minutes On a Server : Primer for Securing Ubuntu
  • How to systematically secure anything : Security engineering is the discipline of building secure systems. Its lessons are not just applicable to computer security. In fact this repo aims to...
  • The SaaS CTO Security Checklist : This is a basic checklist that all SaaS CTOs (and anyone else) can use to harden their security. Security shouldn’t feel like a chore. Select your sta...
  • JSON Schema : JSON Schema is a vocabulary that allows you to annotate and validate JSON documents.
  • JSON API : A specification for building APIs in JSON. Clients built around JSON API are able to take advantage of its features around efficiently caching respons...
thumbnail

Checklist of the most important security countermeasures when designing, testing, and releasing your API.

api security checklist reference
Security Guide for Developers https://github.com/FallibleInc/security-guide-for-developers
26/05/2017 cluster icon
  • OWASP : The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software.
  • SQL Injection Cheat Sheet : Samples are provided to allow reader to get basic idea of a potential SQL Injection attack and almost every section includes a brief information about...
  • DVWA - Damn Vulnerable Web Application : Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to t...
  • Linked Data : This site exists to provide a home for, or pointers to, resources from across the Linked Data community.
  • API Security Checklist : Checklist of the most important security countermeasures when designing, testing, and releasing your API.
thumbnail

A practical security guide for web developers.

security web reference
XSS game https://xss-game.appspot.com/
28/02/2017 cluster icon
  • OverTheWire: Wargames : The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.
  • XSS Filter Evasion Cheat Sheet - OWASP : This article is focused on providing application security testing professionals with a guide to assist in Cross Site Scripting testing.
  • XSS (Cross Site Scripting) Prevention Cheat Sheet : The following rules are intended to prevent all XSS in your application. While these rules do not allow absolute freedom in putting untrusted data int...
  • HTML Purifier : HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS)...
  • SpiderFoot : With almost 200 modules and growing, SpiderFoot provides an easy-to-use interface that enables you to automatically collect Open Source Intelligence (...

Warning: You are entering the XSS game area.

xss security game
Everything you need to know about HTTP security headers https://blog.appcanary.com/2017/http-security-headers.html
05/02/2017 cluster icon
  • Inj3ct0r 1337day.com : Exploit database separated by exploit type (local, remote, DoS, Poc, etc.)
  • Security Headers : I built securityheaders.io after deploying security headers like CSP and HSTS to my own site. I wanted a quick and easy way to check if other sites we...
  • My First 10 Minutes On a Server : Primer for Securing Ubuntu
  • How to systematically secure anything : Security engineering is the discipline of building secure systems. Its lessons are not just applicable to computer security. In fact this repo aims to...
  • Observatory : Observatory by Mozilla is a project designed to help developers, system administrators, and security professionals configure their sites safely and se...

This article explains what secure headers are and how to implement these headers in Rails, Django, Express.js, Go, Nginx, and Apache.

security http reference
The SaaS CTO Security Checklist http://cto-security-checklist.sqreen.io/
27/10/2016 cluster icon
  • API Security Checklist : Checklist of the most important security countermeasures when designing, testing, and releasing your API.
  • Security Guide for Developers : A practical security guide for web developers.
  • How to systematically secure anything : Security engineering is the discipline of building secure systems. Its lessons are not just applicable to computer security. In fact this repo aims to...
  • Run your own identity server : Running your own identity server allows you to act as an OpenID Provider. You could run one just for yourself, for a community of users or, if you wis...
  • The Big List of Naughty Strings : The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
thumbnail

This is a basic checklist that all SaaS CTOs (and anyone else) can use to harden their security. Security shouldn’t feel like a chore. Select your startup stage and use these rules to improve your security. This list is far from exhaustive, incomplete by nature since the security you need depends on your assets.

security reference
Observatory https://observatory.mozilla.org/
01/09/2016 cluster icon
  • Security Headers : I built securityheaders.io after deploying security headers like CSP and HSTS to my own site. I wanted a quick and easy way to check if other sites we...
  • OpenVAS : OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low ...
  • SpiderFoot : With almost 200 modules and growing, SpiderFoot provides an easy-to-use interface that enables you to automatically collect Open Source Intelligence (...
  • HTTP Security Report : Get an instant report of how your website measures up to the best practices. Check connection encryption, content security, information disclosure and...
  • Everything you need to know about HTTP security headers : This article explains what secure headers are and how to implement these headers in Rails, Django, Express.js, Go, Nginx, and Apache.

Observatory by Mozilla is a project designed to help developers, system administrators, and security professionals configure their sites safely and securely.

http security scan configuration
BounCA https://www.bounca.org/
16/07/2016 cluster icon
  • webhint : webhint is a linting tool that will help you with your site's accessibility, speed, security and more, by checking your code for best practices and co...
  • WhatWeb : WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content manage...
  • WebScarab : WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols.
  • Skipfish : Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursi...
  • Zed Attack Proxy : The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be...
thumbnail

BounCA is a tool to manage your personal SSL certificates and authorities in a central and easy to use interfaces. It provides an easy accessible web interface to manage your openssl based root authority without the hassle of knowing all the arguments of the command line tools. BounCA is also an administration tool for all your signed certificates and revocation lists. Create and manage your own X.509 / PKI key and certificate trust infrastructure in a couple of minutes.

ssl security web tool selfhosted
My First 10 Minutes On a Server http://www.codelitt.com/blog/my-first-10-minutes-on-a-server-primer-for-securing-ubuntu/
06/07/2016 cluster icon
  • 2016 Guide to User Data Security : This guide is for the software developer, architect or system administrator who doesn't want to spend a lifetime wading through cryptographic algorith...
  • Run your own identity server : Running your own identity server allows you to act as an OpenID Provider. You could run one just for yourself, for a community of users or, if you wis...
  • Security Guide for Developers : A practical security guide for web developers.
  • XSS Filter Evasion Cheat Sheet - OWASP : This article is focused on providing application security testing professionals with a guide to assist in Cross Site Scripting testing.
  • API Security Checklist : Checklist of the most important security countermeasures when designing, testing, and releasing your API.
thumbnail

Primer for Securing Ubuntu

security server reference
2016 Guide to User Data Security https://www.inversoft.com/guides/2016-guide-to-user-data-security
06/07/2016 cluster icon
  • Run your own identity server : Running your own identity server allows you to act as an OpenID Provider. You could run one just for yourself, for a community of users or, if you wis...
  • My First 10 Minutes On a Server : Primer for Securing Ubuntu
  • XSS Filter Evasion Cheat Sheet - OWASP : This article is focused on providing application security testing professionals with a guide to assist in Cross Site Scripting testing.
  • How to systematically secure anything : Security engineering is the discipline of building secure systems. Its lessons are not just applicable to computer security. In fact this repo aims to...
  • Security Guide for Developers : A practical security guide for web developers.

This guide is for the software developer, architect or system administrator who doesn't want to spend a lifetime wading through cryptographic algorithms and complicated explanations of arcane system administration topics to tackle software security. We are a software development company and we have taken everything we know (and have learned through the years) about server and application security and distilled it into this simple yet detailed guide. This is not the sum of all things that could be or have been said about software security, but if you implement each of the concepts below your user data will be highly secure.

security server reference
OWASP Mutillidae II https://sourceforge.net/projects/mutillidae/
10/05/2016 cluster icon
  • webhint : webhint is a linting tool that will help you with your site's accessibility, speed, security and more, by checking your code for best practices and co...
  • XSS Filter Evasion Cheat Sheet - OWASP : This article is focused on providing application security testing professionals with a guide to assist in Cross Site Scripting testing.
  • Security Headers : I built securityheaders.io after deploying security headers like CSP and HSTS to my own site. I wanted a quick and easy way to check if other sites we...
  • mitmproxy : mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify...
  • Subgraph Vega : Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XS...

OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiest. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF, Rapid7 Metasploitable-2, and OWASP BWA. The existing version can be updated on these platforms. With dozens of vulns and hints to help the user; this is an easy-to-use web hacking environment designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an "assess the assessor" target for vulnerability assessment software.

security test learning
Security Headers https://securityheaders.com/
02/05/2016 cluster icon
  • mitmproxy : mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify...
  • REDbot : REDbot is lint for HTTP resources; it tests protocol correctness, cacheability, content negotiation and more. REDbot checks HTTP resources to see how ...
  • Mockbin : Mockbin allows you to generate custom endpoints to test, mock, and track HTTP requests & responses between libraries, sockets and APIs.
  • Report URI : Report URI was founded to take the pain out of monitoring security policies like CSP and HPKP. When you can easily monitor what's happening on your si...
  • Observatory : Observatory by Mozilla is a project designed to help developers, system administrators, and security professionals configure their sites safely and se...
thumbnail

I built securityheaders.io after deploying security headers like CSP and HSTS to my own site. I wanted a quick and easy way to check if other sites were using these headers and I figured I'd turn it into a useful tool for everyone to use!
There are services out there that will analyse the HTTP response headers of other sites but I also wanted to add a rating system to the results. The HTTP response headers that this site analayses provide huge levels of protection and it's important that sites deploy them. Hopefully, by providing an easy mechanism to assess them, and further information on how to deploy missing headers, we can drive up the usage of security based headers across the web.

http security test scan service
Snyk https://snyk.io/
25/04/2016 cluster icon
  • Yarn : Fast, reliable, and secure dependency management tool for javascript.
  • Poetry : Python packaging and dependency management made easy
  • Pyre : Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providi...
  • Lerna : A tool for managing JavaScript projects with multiple packages.
  • Harpoon : CLI tool for open source and threat intelligence. Harpoon is a tool to automate threat intelligence and open source intelligence tasks. It is written ...
thumbnail

Snyk helps you use open source and stay secure.
Continuously find & fix vulnerabilities in your dependencies.

security tool npm python ruby php javascript dependency
page 2 / 4
1633 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service by the Shaarli community - Theme by kalvn