Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

A passive reconnaissance tool inside the DOM (experimental)

Wapiti allows you to audit the security of your web applications.

It performs "black-box" scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data.

Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

jQuery Plugin to Encourage Stronger Passwords

HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications.

The CWE/SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical errors that can lead to serious vulnerabilities in software. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.

The following rules are intended to prevent all XSS in your application. While these rules do not allow absolute freedom in putting untrusted data into an HTML document, they should cover the vast majority of common use cases.

The safest, smartest, fastest and most reliable DNS on the planet.

Online vault and password manager that knows nothing about you and your data.

Everything you submit is locally encrypted by your browser before being transmitted to Clipperz. The encryption key is a passphrase known only to you! It is impossible for anyone without that key to decrypt your data.

Samples are provided to allow reader to get basic idea of a potential SQL Injection attack and almost every section includes a brief information about itself.

Running your own identity server allows you to act as an OpenID Provider. You could run one just for yourself, for a community of users or, if you wish, for the general public.

Exploit database separated by exploit type (local, remote, DoS, Poc, etc.)

Website Plagiarism Search - Web Site Content Copyright Protection