souvenir
Tag cloud
Picture wall
Daily
RSS Feed
  • RSS Feed
  • Daily Feed
Filters

Links per page

  • 20 links
  • 50 links
  • 100 links

Filters

Untagged links
page 1 / 4
75 results tagged security  ✕   ✕
Semgrep https://github.com/semgrep/semgrep
04/02/2025 cluster icon
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...
  • Gitleaks : Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords,...
  • tfsec : tfsec uses static analysis of your terraform code to spot potential misconfigurations.
  • CryptPad : CryptPad is the Zero Knowledge realtime collaborative editor. Encryption carried out in your web browser protects the data from the server, the cloud ...
  • Infection Monkey : The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The M...

Semgrep is a fast, open-source, static analysis tool that searches code, finds bugs, and enforces secure guardrails and coding standards. Semgrep supports 30+ languages and can run in an IDE, as a pre-commit check, and as part of CI/CD workflows.

opensource staticanalysis security bugs continuousintegration
Gitleaks https://github.com/gitleaks/gitleaks
23/05/2023 cluster icon
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...
  • Lynis : Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. It performs an extensive health scan of your ...
  • Lighthouse : Lighthouse is an open-source, automated tool for improving the quality of web pages. You can run it against any web page, public or requiring authenti...
  • sqlmap : sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of databa...
  • Semgrep : Semgrep is a fast, open-source, static analysis tool that searches code, finds bugs, and enforces secure guardrails and coding standards. Semgrep supp...
thumbnail

Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords, API keys and tokens in Git repositories. It can be used as a Git pre-commit hook or in the CI/CD pipeline.

opensource staticanalysis security test tool
TruffleHog https://github.com/trufflesecurity/trufflehog
23/05/2023 cluster icon
  • Gitleaks : Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords,...
  • Lynis : Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. It performs an extensive health scan of your ...
  • webhint : webhint is a linting tool that will help you with your site's accessibility, speed, security and more, by checking your code for best practices and co...
  • Pyre : Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providi...
  • OpenVAS : OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low ...
thumbnail

TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab repositories are the most popular use cases, it can also be used to scan cloud storage buckets like S3 and GCS, local files and directories and CircleCI logs. Developers can set up TruffleHog as a pre-commit hook or scan the history of existing repositories in an entire GitHub organization to detect secrets.

opensource staticanalysis security test tool
Syncthing https://syncthing.net/
21/05/2023 cluster icon
  • Infection Monkey : The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The M...
  • SpiderFoot : With almost 200 modules and growing, SpiderFoot provides an easy-to-use interface that enables you to automatically collect Open Source Intelligence (...
  • SensioLabs Security Advisories Checker : The SensioLabs security advisories checker is a simple tool, available as a web service or as an online application, that uses the information from yo...
  • Zed Attack Proxy : The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be...
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...

Syncthing is a continuous file synchronization program. It synchronizes files between two or more computers in real time, safely protected from prying eyes. Your data is your data alone and you deserve to choose where it is stored, whether it is shared with some third party, and how it’s transmitted over the internet.

file backup sync tool security
tfsec https://github.com/aquasecurity/tfsec
12/04/2022 cluster icon
  • webhint : webhint is a linting tool that will help you with your site's accessibility, speed, security and more, by checking your code for best practices and co...
  • Gitleaks : Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords,...
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...
  • Semgrep : Semgrep is a fast, open-source, static analysis tool that searches code, finds bugs, and enforces secure guardrails and coding standards. Semgrep supp...
  • Pyre : Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providi...
thumbnail

tfsec uses static analysis of your terraform code to spot potential misconfigurations.

security staticanalysis infrastructureascode
Grype https://github.com/anchore/grype
12/04/2022 cluster icon
  • Container Structure Tests : The Container Structure Tests provide a powerful framework to validate the structure of a container image. These tests can be used to check the output...
  • Telepresence : Telepresence, in conjunction with a containerized development environment, gives the developer a fast development workflow in developing a multi-conta...
  • cAdvisor : cAdvisor (Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containe...
  • Watchtower : A container-based solution for automating Docker container base image updates.
  • OpenVAS : OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low ...
thumbnail

A vulnerability scanner for container images and filesystems.

docker container security scan
TheHive Project https://thehive-project.org/
06/03/2022 cluster icon
  • CryptPad : CryptPad is the Zero Knowledge realtime collaborative editor. Encryption carried out in your web browser protects the data from the server, the cloud ...
  • Pyroscope : Pyroscope is an open source continuous profiling platform. It will help you: Find performance issues in your code Resolve issues with high CPU utiliz...
  • Semgrep : Semgrep is a fast, open-source, static analysis tool that searches code, finds bugs, and enforces secure guardrails and coding standards. Semgrep supp...
  • Lynis : Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. It performs an extensive health scan of your ...
  • Known : Known is a social learning platform. Create your educational community and empower students to publish work, share feedback, and communicate across so...
thumbnail

A scalable, open source and free Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.

opensource security platform
The Bastion https://github.com/ovh/the-bastion
30/10/2020 cluster icon
  • Ockam : Ockam is a suite of open source tools, programming libraries, and managed cloud services to orchestrate end-to-end encryption, mutual authentication, ...
  • OverTheWire: Wargames : The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.
  • WhatWeb : WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content manage...
  • Mosh : Remote terminal application that allows roaming, supports intermittent connectivity, and provides intelligent local echo and line editing of user keys...
  • Semgrep : Semgrep is a fast, open-source, static analysis tool that searches code, finds bugs, and enforces secure guardrails and coding standards. Semgrep supp...
thumbnail

Bastions are a cluster of machines used as the unique entry point by operational teams to securely connect to devices using ssh.
The Bastion provides mechanisms for authentication, authorization, traceability and auditability for the whole infrastructure.

ssh security tracing audit authentication authorization
How to systematically secure anything https://github.com/veeral-patel/how-to-secure-anything
06/09/2020 cluster icon
  • The Big List of Naughty Strings : The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
  • Run your own identity server : Running your own identity server allows you to act as an OpenID Provider. You could run one just for yourself, for a community of users or, if you wis...
  • XSS Filter Evasion Cheat Sheet - OWASP : This article is focused on providing application security testing professionals with a guide to assist in Cross Site Scripting testing.
  • OWASP : The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software.
  • API Security Checklist : Checklist of the most important security countermeasures when designing, testing, and releasing your API.
thumbnail

Security engineering is the discipline of building secure systems.

Its lessons are not just applicable to computer security. In fact this repo aims to document a process for securing anything, whether it's a medieval castle, an art museum, or a computer network.

security reference
Pyre https://pyre-check.org/
10/08/2020 cluster icon
  • Flake8 : flake8 is a python tool that glues together pycodestyle, pyflakes, mccabe, and third-party plugins to check the style and quality of some python code....
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...
  • Snyk : Snyk helps you use open source and stay secure. Continuously find & fix vulnerabilities in your dependencies.
  • Bandit : Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs approp...
  • refurb : A tool for refurbishing and modernizing Python codebases.

Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally – providing instantaneous feedback to developers as they write code.

Pyre ships with Pysa, a security focused static analysis tool we've built on top of Pyre that reasons about data flows in Python applications.

python staticanalysis security tool
Bandit https://github.com/PyCQA/bandit
24/06/2020 cluster icon
  • OpenVAS : OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low ...
  • sqlmap : sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of databa...
  • Gitleaks : Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords,...
  • Snyk : Snyk helps you use open source and stay secure. Continuously find & fix vulnerabilities in your dependencies.
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...
thumbnail

Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files it generates a report.

security python tool test
OpenVAS https://www.openvas.org/
29/04/2020 cluster icon
  • Kali Linux : Penetration Testing Linux OS containing tools to test the security of system or a network.
  • Skipfish : Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursi...
  • OpenSCAP : The OpenSCAP ecosystem provides multiple tools to assist administrators and auditors with assessment, measurement, and enforcement of security baselin...
  • WebScarab : WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols.
  • Wapiti : Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the applica...

OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low level Internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.

security scan test tool
SpiderFoot https://www.spiderfoot.net/
11/02/2020 cluster icon
  • OpenVAS : OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low ...
  • Zed Attack Proxy : The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be...
  • WhatWeb : WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content manage...
  • OpenSCAP : The OpenSCAP ecosystem provides multiple tools to assist administrators and auditors with assessment, measurement, and enforcement of security baselin...
  • DNS Report : The free, thorough report on the DNS for your domain
thumbnail

With almost 200 modules and growing, SpiderFoot provides an easy-to-use interface that enables you to automatically collect Open Source Intelligence (OSINT) about IP addresses, domain names, e-mail addresses, usernames, names, subnets and ASNs from many sources such as AlienVault, HaveIBeenPwned, SecurityTrails, SHODAN and more.

security osint scan tool
Report URI https://report-uri.com/
07/12/2019 cluster icon
  • Security Headers : I built securityheaders.io after deploying security headers like CSP and HSTS to my own site. I wanted a quick and easy way to check if other sites we...
  • mitmproxy : mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify...
  • Everything you need to know about HTTP security headers : This article explains what secure headers are and how to implement these headers in Rails, Django, Express.js, Go, Nginx, and Apache.
  • Observatory : Observatory by Mozilla is a project designed to help developers, system administrators, and security professionals configure their sites safely and se...
  • Requestdiff : Differentiate HTTP headers and content body of two GET URLs.
thumbnail

Report URI was founded to take the pain out of monitoring security policies like CSP and HPKP. When you can easily monitor what's happening on your site in real time you react faster and more efficiently, allowing you to rectify issues without your users ever having to tell you.

monitoring http security service
CryptPad https://github.com/xwiki-labs/cryptpad
24/11/2019 cluster icon
  • HedgeDoc : HedgeDoc (formerly known as CodiMD) is an open-source, web-based, self-hosted, collaborative markdown editor. You can use it to easily collaborate on ...
  • AppFlowy.IO : Open Source Notion Alternative
  • Floobits : Floobits brings real-time collaborative editing to text editors, IDEs. Collaborative text editors and screen sharing solutions usually suffer from the...
  • Teletype for Atom : Teletype for Atom lets developers share their workspace with team members and collaborate on code in real time.
  • MUTE : Web-based text editing tool that allows to edit documents collaboratively in real-time. It implements a CRDT-based consistency maintenance algorithm f...
thumbnail

CryptPad is the Zero Knowledge realtime collaborative editor.

Encryption carried out in your web browser protects the data from the server, the cloud and the NSA. It relies on the ChainPad realtime engine.

encryption collaboration realtime security editor storage opensource selfhosted
security.txt https://securitytxt.org/
10/08/2019 cluster icon
  • Harpoon : CLI tool for open source and threat intelligence. Harpoon is a tool to automate threat intelligence and open source intelligence tasks. It is written ...
  • HTML5 - Edition for Web Developers : HTML: The Living Standard. A technical specification for Web developers.
  • Burp Suite : Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the en...
  • webhint : webhint is a linting tool that will help you with your site's accessibility, speed, security and more, by checking your code for best practices and co...
  • SensioLabs Security Advisories Checker : The SensioLabs security advisories checker is a simple tool, available as a web service or as an online application, that uses the information from yo...
thumbnail

A proposed standard which allows websites to define security policies.

standards security
Lynis https://cisofy.com/lynis/
24/04/2019 cluster icon
  • Gitleaks : Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords,...
  • TruffleHog : TruffleHog is an open-source SAST (static application security testing) tool for detecting secrets in various sources. While GitHub and GitLab reposit...
  • Skipfish : Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursi...
  • Bandit : Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs approp...
  • Bazel : Bazel is an open-source build and test tool similar to Make, Maven, and Gradle. It uses a human-readable, high-level build language. Bazel supports pr...
thumbnail

Lynis is a battle-tested security tool for systems running Linux, macOS, or Unix-based operating system. It performs an extensive health scan of your systems to support system hardening and compliance testing.

opensource security test tool
SSL Server Test https://www.ssllabs.com/ssltest/
21/10/2018 cluster icon
  • webhint : webhint is a linting tool that will help you with your site's accessibility, speed, security and more, by checking your code for best practices and co...
  • mitmproxy : mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify...
  • Gitleaks : Gitleaks is an open-source SAST (static application security testing) command line tool for detecting and preventing hardcoded secrets like passwords,...
  • BounCA : BounCA is a tool to manage your personal SSL certificates and authorities in a central and easy to use interfaces. It provides an easy accessible web ...
  • sqlmap : sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of databa...

This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.

https ssl security test
OpenSCAP https://www.open-scap.org/
03/10/2018 cluster icon
  • OpenVAS : OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low ...
  • WhatWeb : WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content manage...
  • Zed Attack Proxy : The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be...
  • SpiderFoot : With almost 200 modules and growing, SpiderFoot provides an easy-to-use interface that enables you to automatically collect Open Source Intelligence (...
  • Kali Linux : Penetration Testing Linux OS containing tools to test the security of system or a network.

The OpenSCAP ecosystem provides multiple tools to assist administrators and auditors with assessment, measurement, and enforcement of security baselines. We maintain great flexibility and interoperability, reducing the costs of performing security audits.

security tool scan
Harbor https://goharbor.io/
03/09/2018 cluster icon
  • Jenkins X : Jenkins X is a CI / CD platform for Kubernetes.
  • Grype : A vulnerability scanner for container images and filesystems.
  • SpiderFoot : With almost 200 modules and growing, SpiderFoot provides an easy-to-use interface that enables you to automatically collect Open Source Intelligence (...
  • treecloud.org : Create your own tree clouds!
  • DVWA - Damn Vulnerable Web Application : Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to t...
thumbnail

Harbor is an open source cloud native registry that stores, signs, and scans container images for vulnerabilities.

Harbor solves common challenges by delivering trust, compliance, performance, and interoperability. It fills a gap for organizations and applications that cannot use a public or cloud-based registry, or want a consistent experience across clouds.

container cloud registry security
page 1 / 4
1635 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service by the Shaarli community - Theme by kalvn