Search Results for "owasp-mantra-ff"
Sort By:
Showing 163 open source projects for "owasp-mantra-ff"
View related business solutions-
Free CRM Software With Something for EveryoneThink CRM software is just about contact management? Think again. HubSpot CRM has free tools for everyone on your team, and it’s 100% free. Here’s how our free CRM solution makes your job easier.
-
Save hundreds of developer hours with components built for SaaS applications.Whether you want full self-service analytics or simpler multi-tenant security, Qrvey’s embeddable components and scalable data management remove the guess work.
-
1
ff
Flags-first package for configuration
ff stands for flags-first, and is basically a package that offers an opinionated manner of populating a flag.FlagSet with configuration data from the environment. The default for ff is to parse only from the command line, however you have the option to parse from environment variables (lower priority) and/or a configuration file (lowest priority). ff has a natural companion and extension in package ffcli, a package for building declarative command line applications. It is ideal for when... -
2
OWASP Amass
In-depth attack surface mapping and asset discovery
The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques. The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects ,tools, documents, forums, and chapters are free and open to anyone interested in improving application... -
3
OWASP WrongSecrets
Vulnerable app with examples showing how to not use secrets
Welcome to the OWASP WrongSecrets game! The game is packed with real life examples of how to not store secrets in your software. Each of these examples is captured in a challenge, which you need to solve using various tools and techniques. Solving these challenges will help you recognize common mistakes & can help you to reflect on your own secrets management strategy. -
4
OWASP Juice Shop
Probably the most modern and sophisticated insecure web application
It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications! Juice Shop is written in Node.js, Express and Angular. It was the first application written entirely in JavaScript listed in the OWASP VWA Directory. The application contains a vast number of hacking challenges of varying difficulty where the user is supposed... -
Red Hat Enterprise Linux on Microsoft AzureRed Hat Enterprise Linux (RHEL) on Microsoft Azure provides a secure, reliable, and flexible foundation for your cloud infrastructure. Red Hat Enterprise Linux on Microsoft Azure is ideal for enterprises seeking to enhance their cloud environment with seamless integration, consistent performance, and comprehensive support.
-
5
OWASP Find Security Bugs
The SpotBugs plugin for security audits of Java web applications
... and SonarQube. Extensive references are given for each bug patterns with references to OWASP Top 10 and CWE. -
6
OWASP Mobile Security Testing Guide
Manual for mobile app security development and testing
We are writing a security standard for mobile apps and a comprehensive testing guide that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results. The MSTG is a comprehensive manual for mobile app security testing and reverse engineering for iOS and Android mobile security testers. The OWASP Mobile Application Security Verification Standard (MASVS... -
7
OWASP Mobile Application Security
Manual for mobile app security testing and reverse engineering
The OWASP Mobile Application Security (MAS) flagship project provides a security standard for mobile apps (OWASP MASVS) and a comprehensive testing guide (OWASP MASTG) that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results. MAS Advocates are industry adopters of the OWASP MASVS and MASTG who have invested a significant and consistent amount of resources... -
8
AdminLTE
Free admin dashboard template based on Bootstrap 4
AdminLTE is a fully responsive administration template. Based on Bootstrap 4.6 framework and also the JS/jQuery plugin. Highly customizable and easy to use. Fits many screen resolutions from small mobile devices to large desktops. AdminLTE.io just opened a new premium templates page. Handpicked to ensure the best quality and the most affordable prices. AdminLTE has been carefully coded with clear comments in all of its JS, SCSS and HTML files. SCSS has been used to increase code... -
9
ZAP
The OWASP ZAP core project
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated international team of volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing. ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications... -
Bright Data - All in One Platform for Proxies and Web ScrapingBright Data offers the highest quality proxies with automated session management, IP rotation, and advanced web unlocking technology. Enjoy reliable, fast performance with easy integration, a user-friendly dashboard, and enterprise-grade scaling. Powered by ethically-sourced residential IPs for seamless web scraping.
-
10
bluemonday
Fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer
bluemonday is an HTML sanitizer implemented in Go. It is fast and highly configurable. bluemonday takes untrusted user-generated content as an input, and will return HTML that has been sanitized against an allowlist of approved HTML elements and attributes so that you can safely include the content in your web page. If you accept user-generated content, and your server uses Go, you need bluemonday. It protects sites from XSS attacks. There are many vectors for an XSS attack and the best way... -
11
Coraza
OWASP Coraza WAF is a golang modsecurity compatible firewall library
Coraza is an open-source, enterprise-grade, high-performance Web Application Firewall (WAF) ready to protect your beloved applications. It is written in Go, supports ModSecurity SecLang rulesets and is 100% compatible with the OWASP Core Rule Set. Coraza is a drop-in alternative to replace the soon-to-be abandoned Trustwave ModSecurity Engine and supports industry-standard SecLang rule sets. Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of attacks... -
12
Retire.js
Scanner detecting the use of JavaScript libraries
There is a plethora of JavaScript libraries for use on the web and in node.js apps out there. This greatly simplifies, but we need to stay updated on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 and insecure libraries can pose a huge risk for your web app. The goal of Retire.js is to help you detect the use of versions with known vulnerabilities. Scan a web app or node app for use of vulnerable JavaScript libraries and/or node modules. grunt... -
13
Code Quality and Security for Java
SonarSource Static Analyzer for Java Code Quality and Security
... coding issues with just a click. Dozens of rules to ensure your tests are always as clean as your code! Dedicated rules to detect vulnerabilities including ones stemming from OWASP & CWE Top 25 guidelines. It all comes from a powerful analysis engine that we constantly refine. Sonar employs advanced rules along with smart, exclusive analysis techniques to find the trickiest, most elusive issues. -
14
MASVS
The OWASP MASVS (Mobile Application Security Verification Standard)
The OWASP Mobile Application Security Verification Standard (MASVS) is a comprehensive security standard for mobile applications, providing guidelines and a checklist for secure mobile app development. -
15
FormatJS
The monorepo home to all of the FormatJS related libraries
... built integrations with React & Vue. FormatJS is aligned with: ECMAScript Internationalization API (ECMA-402), Unicode CLDR, and ICU Message syntax. By building on these industry standards, FormatJS leverages APIs in modern browsers and works with the message syntax used by professional translators. FormatJS has been tested in all the major browsers (IE11, Chrome, FF & Safari) on both desktop and mobile devices. -
16
bearer
Code security scanning tool (SAST) to discover security risks
Welcome to the Bearer documentation. Bearer is a static application security testing (SAST) tool that scans your source code and analyzes your data flows to discover, filter and prioritize security risks and vulnerabilities leading to sensitive data exposures (PII, PHI, PD). We provides built-in rules against a common set of security risks and vulnerabilities, known as OWASP Top 10. Leakage of sensitive data through cookies, internal loggers, third-party logging services, and into analytics... -
17
SCS
HTTP Session Management for Go
... implements a session management pattern following the OWASP security guidelines. Session data is stored on the server, and a randomly-generated unique session token (or session ID) is communicated to and from the client in a session cookie. Most applications will use the LoadAndSave() middleware. This middleware takes care of loading and committing session data to the session store, and communicating the session token to/from the client in a cookie as necessary. -
18
R.swift
Autocompleted resources like images, fonts & segues in Swift projects
.... If the struct is outdated just build and R.swift will correct any missing/changed/added resources. Runtime validation with R.validate() ff all images used in storyboards and nibs are available, if all named colors used in storyboards and nibs are available, if all view controllers with storyboard identifiers can be loaded, if all custom fonts can be loaded. -
19
OWASP Juice Shop
Probably the most modern and sophisticated insecure web application
OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications! Juice Shop is written in Node.js, Express and Angular. It was the first application written entirely in JavaScript listed in the OWASP VWA Directory... -
20
ngx_waf
Handy, High performance, ModSecurity compatible Nginx firewall module
Handy, High-performance Nginx firewall module. Such as black and white list of IPs or IP range, uri black and white list, and request body black list, etc. Directives and rules are easy to write and readable. The IP detection is a constant-time operation. Most of the remaining inspections use caching to improve performance. Compatible with ModSecurity's rules, you can use OWASP ModSecurity Core Rule Set. Supports verifying Google, Bing, Baidu and Yandex crawlers and allowing them automatically... -
21
Deep learning time series forecasting
Deep learning PyTorch library for time series forecasting
Example image Flow Forecast (FF) is an open-source deep learning for time series forecasting framework. It provides all the latest state-of-the-art models (transformers, attention models, GRUs) and cutting-edge concepts with easy-to-understand interpretability metrics, cloud provider integration, and model serving capabilities. Flow Forecast was the first time series framework to feature support for transformer-based models and remains the only true end-to-end deep learning for time series... -
22
VisualCodeGrepper V2.3.2
Code security review tool for C/C++, C#, VB, PHP, Java, PL/SQL, COBOL.
... within comments that can indicate broken code and it provides stats and a pie chart (for the entire codebase and for individual files) showing relative proportions of code, whitespace, comments, 'ToDo'-style comments and bad code. I've tried to produce something which searches intelligently for buffer overflows and signed/unsigned comparison in C, violations of OWASP recommendations in Java code, etc. Current version: 2.3.2 -
23
PMS for REGZA
A DLNA-compliant UPnP Media Server
PMS for REGZA is a DLNA-compliant Media Server. As a fork build of well-known "PS3 Media Server", This aims especially to improve functionality on TOSHIBA REGZA TVs With preserving applicabilities to other Renderers. Details: Home Page: http://www32.atwiki.jp/pms_regza -
24
Vulnerable Web Apps
Vulnerable Web Apps virtual appliance to learn application security.
...: Version 4 Running on port 80: - bWAPP - Damn Vulnerable Web Application - OWASP Hackademic - OWASP Mutillidae Running on port 81: - Hackazon Running on port 82: - Conviso Vulnerable Web App Running on port 83: - Generic University Running on port 3000: - OWASP Juice Shop Running on port 9000: - Authlab -
25
jul-designer
JUL Designer - a RAD tool for JavaScript
... server with PHP 5.2.0 or later extension * 1024x768 minimum resolution All major browsers supported, including: FF 4+, IE 8+, Edge, Safari 4+, Chrome 2+, Opera 10+., IOS 4+, Android 2.3+.