Search: [security]

18/06/2011

Wapiti allows you to audit the security of your web applications.

It performs "black-box" scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data.

Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.

Nikto2 http://www.cirt.net/nikto2

18/06/2011

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

Naked Password http://www.nakedpassword.com

01/03/2011

jQuery Plugin to Encourage Stronger Passwords

HTML Purifier http://htmlpurifier.org

20/10/2010

HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.

Web Application Exploits and Defenses http://google-gruyere.appspot.com

24/09/2010

CWE/SANS Top 25 Most Dangerous Programming Errors http://cwe.mitre.org/top25/#Listing

06/04/2010

The CWE/SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical errors that can lead to serious vulnerabilities in software. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.

XSS (Cross Site Scripting) Prevention Cheat Sheet http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

19/01/2010

The following rules are intended to prevent all XSS in your application. While these rules do not allow absolute freedom in putting untrusted data into an HTML document, they should cover the vast majority of common use cases.

OpenDNS http://www.opendns.com

10/12/2009

The safest, smartest, fastest and most reliable DNS on the planet.

Clipperz http://www.clipperz.com

13/11/2009

Online vault and password manager that knows nothing about you and your data.

Everything you submit is locally encrypted by your browser before being transmitted to Clipperz. The encryption key is a passphrase known only to you! It is impossible for anyone without that key to decrypt your data.

SQL Injection Cheat Sheet http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/

19/12/2008

Samples are provided to allow reader to get basic idea of a potential SQL Injection attack and almost every section includes a brief information about itself.

Run your own identity server http://wiki.openid.net/w/page/12995226/Run%20your%20own%20identity%20server

08/12/2008

Running your own identity server allows you to act as an OpenID Provider. You could run one just for yourself, for a community of users or, if you wish, for the general public.

Inj3ct0r 1337day.com http://1337day.com

10/06/2008

Exploit database separated by exploit type (local, remote, DoS, Poc, etc.)

Copyscape http://www.copyscape.com

12/06/2007

Website Plagiarism Search - Web Site Content Copyright Protection

DNS Report http://www.dnsreport.com

16/05/2007

The free, thorough report on the DNS for your domain

Links per page

Filters