souvenir
Tag cloud
Picture wall
Daily
RSS Feed
  • RSS Feed
  • Daily Feed
Filters

Links per page

  • 20 links
  • 50 links
  • 100 links

Filters

Untagged links
page 2 / 4
75 results tagged security  ✕   ✕
Cilium https://cilium.io/
20/05/2018 cluster icon
  • SecTools.Org : Top Network Security Tools
  • DNS Report : The free, thorough report on the DNS for your domain
  • Træfɪk : Træfɪk is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease. It supports several backends (Docker, Swarm, Mesos/Mar...
  • OpenDNS : The safest, smartest, fastest and most reliable DNS on the planet.
  • Crossbar.io : Crossbar.io is is a router for the open WAMP protocol, and it is open source. Together with the open source WAMP client libraries it is a connection f...
thumbnail

Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as application containers or processes. Cilium operates at Layer 3/4 to provide traditional networking and security services as well as Layer 7 to protect and secure use of modern application protocols such as HTTP, gRPC and Kafka. Cilium is integrated into common orchestration frameworks such as Kubernetes and Mesos.

microservice network security loadbalancer
Infection Monkey https://github.com/guardicore/monkey
20/05/2018 cluster icon
  • Lynis : Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. It performs an extensive health scan of your ...
  • Gitleaks : Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords,...
  • n8n.io : n8n (pronounced nodemation) helps you to interconnect each and every app with an API in the world with each other to share and manipulate its data wit...
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...
  • Roots : Roots helps you build better WordPress sites faster. Open-source tools for WordPress application development. LEMP stack Project boilerplate Starter ...
thumbnail

The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server.

pentest security automation opensource tool
Harpoon https://github.com/Te-k/harpoon
25/03/2018 cluster icon
  • Snyk : Snyk helps you use open source and stay secure. Continuously find & fix vulnerabilities in your dependencies.
  • docopt : Command-line interface description language
  • Bandit : Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs approp...
  • Pyre : Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providi...
  • tox : Command line driven CI frontend and development task automation tool At its core tox povides a convenient way to run arbitrary commands in isolated en...
thumbnail

CLI tool for open source and threat intelligence. Harpoon is a tool to automate threat intelligence and open source intelligence tasks. It is written in Python 3 and organised in plugins so the idea is to have one plugin per platform or task.

security cli tool python
radare http://rada.re/r/
04/01/2018 cluster icon
  • WebScarab : WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols.
  • OpenVAS : OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low ...
  • WhatWeb : WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content manage...
  • Infection Monkey : The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The M...
  • Snyk : Snyk helps you use open source and stay secure. Continuously find & fix vulnerabilities in your dependencies.

Radare is a portable reversing framework that can...

Disassemble (and assemble for) many different architectures
Debug with local native and remote debuggers (gdb, rap, webui, r2pipe, winedbg, windbg)
Run on Linux, *BSD, Windows, OSX, Android, iOS, Solaris and Haiku
Perform forensics on filesystems and data carving
Be scripted in Python, Javascript, Go and more
Support collaborative analysis using the embedded webserver
Visualize data structures of several file types
Patch programs to uncover new features or fix vulnerabilities
Use powerful analysis capabilities to speed up reversing
Aid in software exploitation
reverseengineering debug security tool
Gixy https://github.com/yandex/gixy
06/12/2017 cluster icon
  • SpiderFoot : With almost 200 modules and growing, SpiderFoot provides an easy-to-use interface that enables you to automatically collect Open Source Intelligence (...
  • Neutrino : Neutrino is a companion tool which lets you build web and Node.js applications with shared presets or configurations. It intends to make the process o...
  • Gitleaks : Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords,...
  • Kali Linux : Penetration Testing Linux OS containing tools to test the security of system or a network.
  • Zed Attack Proxy : The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be...
thumbnail

Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection.

nginx security configuration tool
BlackBox https://github.com/StackExchange/blackbox
03/12/2017 cluster icon
  • Ockam : Ockam is a suite of open source tools, programming libraries, and managed cloud services to orchestrate end-to-end encryption, mutual authentication, ...
  • CryptPad : CryptPad is the Zero Knowledge realtime collaborative editor. Encryption carried out in your web browser protects the data from the server, the cloud ...
  • ZeroDB : ZeroDB enables clients to run queries over encrypted databases without exposing decrypted data to the server and without a proxy gateway.
  • SensioLabs Security Advisories Checker : The SensioLabs security advisories checker is a simple tool, available as a web service or as an online application, that uses the information from yo...
  • gollum : A simple, Git-powered wiki with a sweet API and local frontend.
thumbnail

Safely store secrets in a VCS repo (i.e. Git, Mercurial, Subversion or Perforce).

security encryption secrets git
webhint https://webhint.io/
03/11/2017 cluster icon
  • Gitleaks : Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords,...
  • Pa11y : Monitor the accessibility of your websites with pa11y-dashboard, and protect against accessibility errors creeping into your codebase.
  • Burp Suite : Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the en...
  • WebScarab : WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols.
  • Phantomas : PhantomJS-based web performance metrics collector and monitoring tool
thumbnail

webhint is a linting tool that will help you with your site's accessibility, speed, security and more, by checking your code for best practices and common errors. Use the online scanner or the CLI to start checking your site for errors.

web staticanalysis security performance ssl test cli accessibility
OverTheWire: Wargames http://overthewire.org/wargames/
26/10/2017 cluster icon
  • The Bastion : Bastions are a cluster of machines used as the unique entry point by operational teams to securely connect to devices using ssh. The Bastion provides ...
  • XSS game : Warning: You are entering the XSS game area.
  • tfsec : tfsec uses static analysis of your terraform code to spot potential misconfigurations.
  • security.txt : A proposed standard which allows websites to define security policies.
  • OpenDNS : The safest, smartest, fastest and most reliable DNS on the planet.

The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.

ssh security game
API Security Checklist https://github.com/shieldfy/API-Security-Checklist
15/07/2017 cluster icon
  • CWE/SANS Top 25 Most Dangerous Programming Errors : The CWE/SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical errors that can lead to serious vulnerabilities in so...
  • HTTP API design : This guide describes a set of HTTP+JSON API design practices, originally extracted from work on the Heroku Platform API.
  • The Big List of Naughty Strings : The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
  • Security Guide for Developers : A practical security guide for web developers.
  • Paypal's API style guide : API design guidelines from Paypal
thumbnail

Checklist of the most important security countermeasures when designing, testing, and releasing your API.

api security checklist reference
Security Guide for Developers https://github.com/FallibleInc/security-guide-for-developers
26/05/2017 cluster icon
  • OWASP : The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software.
  • SQL Injection Cheat Sheet : Samples are provided to allow reader to get basic idea of a potential SQL Injection attack and almost every section includes a brief information about...
  • Subgraph Vega : Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XS...
  • Explorer Exposed! : These CSS bugs are all found only in Internet Explorer, versions 5 and higher. To see the demos properly, they must be viewed in IE, of course.
  • Skipfish : Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursi...
thumbnail

A practical security guide for web developers.

security web reference
XSS game https://xss-game.appspot.com/
28/02/2017 cluster icon
  • HTML Purifier : HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS)...
  • XSS Filter Evasion Cheat Sheet - OWASP : This article is focused on providing application security testing professionals with a guide to assist in Cross Site Scripting testing.
  • XSS (Cross Site Scripting) Prevention Cheat Sheet : The following rules are intended to prevent all XSS in your application. While these rules do not allow absolute freedom in putting untrusted data int...
  • OverTheWire: Wargames : The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.
  • WebScarab : WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols.

Warning: You are entering the XSS game area.

xss security game
Everything you need to know about HTTP security headers https://blog.appcanary.com/2017/http-security-headers.html
05/02/2017 cluster icon
  • My First 10 Minutes On a Server : Primer for Securing Ubuntu
  • SQL Injection Cheat Sheet : Samples are provided to allow reader to get basic idea of a potential SQL Injection attack and almost every section includes a brief information about...
  • Security Guide for Developers : A practical security guide for web developers.
  • HTTP Archive : The HTTP Archive tracks how the Web is built.
  • Inj3ct0r 1337day.com : Exploit database separated by exploit type (local, remote, DoS, Poc, etc.)

This article explains what secure headers are and how to implement these headers in Rails, Django, Express.js, Go, Nginx, and Apache.

security http reference
The SaaS CTO Security Checklist http://cto-security-checklist.sqreen.io/
27/10/2016 cluster icon
  • OWASP : The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software.
  • Inj3ct0r 1337day.com : Exploit database separated by exploit type (local, remote, DoS, Poc, etc.)
  • How to systematically secure anything : Security engineering is the discipline of building secure systems. Its lessons are not just applicable to computer security. In fact this repo aims to...
  • My First 10 Minutes On a Server : Primer for Securing Ubuntu
  • The Big List of Naughty Strings : The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
thumbnail

This is a basic checklist that all SaaS CTOs (and anyone else) can use to harden their security. Security shouldn’t feel like a chore. Select your startup stage and use these rules to improve your security. This list is far from exhaustive, incomplete by nature since the security you need depends on your assets.

security reference
Observatory https://observatory.mozilla.org/
01/09/2016 cluster icon
  • Security Headers : I built securityheaders.io after deploying security headers like CSP and HSTS to my own site. I wanted a quick and easy way to check if other sites we...
  • Grype : A vulnerability scanner for container images and filesystems.
  • Wapiti : Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the applica...
  • REDbot : REDbot is lint for HTTP resources; it tests protocol correctness, cacheability, content negotiation and more. REDbot checks HTTP resources to see how ...
  • Report URI : Report URI was founded to take the pain out of monitoring security policies like CSP and HPKP. When you can easily monitor what's happening on your si...

Observatory by Mozilla is a project designed to help developers, system administrators, and security professionals configure their sites safely and securely.

http security scan configuration
BounCA https://www.bounca.org/
16/07/2016 cluster icon
  • webhint : webhint is a linting tool that will help you with your site's accessibility, speed, security and more, by checking your code for best practices and co...
  • WhatWeb : WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content manage...
  • Zed Attack Proxy : The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be...
  • WebScarab : WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols.
  • Skipfish : Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursi...
thumbnail

BounCA is a tool to manage your personal SSL certificates and authorities in a central and easy to use interfaces. It provides an easy accessible web interface to manage your openssl based root authority without the hassle of knowing all the arguments of the command line tools. BounCA is also an administration tool for all your signed certificates and revocation lists. Create and manage your own X.509 / PKI key and certificate trust infrastructure in a couple of minutes.

ssl security web tool selfhosted
My First 10 Minutes On a Server http://www.codelitt.com/blog/my-first-10-minutes-on-a-server-primer-for-securing-ubuntu/
06/07/2016 cluster icon
  • 2016 Guide to User Data Security : This guide is for the software developer, architect or system administrator who doesn't want to spend a lifetime wading through cryptographic algorith...
  • Run your own identity server : Running your own identity server allows you to act as an OpenID Provider. You could run one just for yourself, for a community of users or, if you wis...
  • OWASP : The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software.
  • Security Guide for Developers : A practical security guide for web developers.
  • XSS Filter Evasion Cheat Sheet - OWASP : This article is focused on providing application security testing professionals with a guide to assist in Cross Site Scripting testing.
thumbnail

Primer for Securing Ubuntu

security server reference
2016 Guide to User Data Security https://www.inversoft.com/guides/2016-guide-to-user-data-security
06/07/2016 cluster icon
  • My First 10 Minutes On a Server : Primer for Securing Ubuntu
  • Run your own identity server : Running your own identity server allows you to act as an OpenID Provider. You could run one just for yourself, for a community of users or, if you wis...
  • Security Guide for Developers : A practical security guide for web developers.
  • SQL Injection Cheat Sheet : Samples are provided to allow reader to get basic idea of a potential SQL Injection attack and almost every section includes a brief information about...
  • XSS Filter Evasion Cheat Sheet - OWASP : This article is focused on providing application security testing professionals with a guide to assist in Cross Site Scripting testing.

This guide is for the software developer, architect or system administrator who doesn't want to spend a lifetime wading through cryptographic algorithms and complicated explanations of arcane system administration topics to tackle software security. We are a software development company and we have taken everything we know (and have learned through the years) about server and application security and distilled it into this simple yet detailed guide. This is not the sum of all things that could be or have been said about software security, but if you implement each of the concepts below your user data will be highly secure.

security server reference
OWASP Mutillidae II https://sourceforge.net/projects/mutillidae/
10/05/2016 cluster icon
  • Skipfish : Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursi...
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...
  • domsnitch : A passive reconnaissance tool inside the DOM (experimental)
  • Subgraph Vega : Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XS...
  • Wapiti : Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the applica...

OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiest. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF, Rapid7 Metasploitable-2, and OWASP BWA. The existing version can be updated on these platforms. With dozens of vulns and hints to help the user; this is an easy-to-use web hacking environment designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an "assess the assessor" target for vulnerability assessment software.

security test learning
Security Headers https://securityheaders.com/
02/05/2016 cluster icon
  • Mockbin : Mockbin allows you to generate custom endpoints to test, mock, and track HTTP requests & responses between libraries, sockets and APIs.
  • Observatory : Observatory by Mozilla is a project designed to help developers, system administrators, and security professionals configure their sites safely and se...
  • OpenVAS : OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low ...
  • mitmproxy : mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify...
  • HTTP Security Report : Get an instant report of how your website measures up to the best practices. Check connection encryption, content security, information disclosure and...
thumbnail

I built securityheaders.io after deploying security headers like CSP and HSTS to my own site. I wanted a quick and easy way to check if other sites were using these headers and I figured I'd turn it into a useful tool for everyone to use!
There are services out there that will analyse the HTTP response headers of other sites but I also wanted to add a rating system to the results. The HTTP response headers that this site analayses provide huge levels of protection and it's important that sites deploy them. Hopefully, by providing an easy mechanism to assess them, and further information on how to deploy missing headers, we can drive up the usage of security based headers across the web.

http security test scan service
Snyk https://snyk.io/
25/04/2016 cluster icon
  • Yarn : Fast, reliable, and secure dependency management tool for javascript.
  • Harpoon : CLI tool for open source and threat intelligence. Harpoon is a tool to automate threat intelligence and open source intelligence tasks. It is written ...
  • Bandit : Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs approp...
  • Poetry : Python packaging and dependency management made easy
  • asdf : Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
thumbnail

Snyk helps you use open source and stay secure.
Continuously find & fix vulnerabilities in your dependencies.

security tool npm python ruby php javascript dependency
page 2 / 4
1634 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service by the Shaarli community - Theme by kalvn