Search Results for "web security"
Sort By:
Showing 52 open source projects for "web security"
View related business solutions-
$300 Free Credits for Your Google Cloud ProjectsLaunch your next project with $300 in free Google Cloud credits—no strings attached. Test, build, and deploy without risk. Use your credits across the entire Google Cloud platform to find what works best for your needs. After your credits are used, continue with always-free tier services. Only pay when you're ready to scale. Sign up in minutes and start exploring.
-
Build Agents and Models on One PlatformGemini Enterprise Agent Platform is Google Cloud's comprehensive platform for developers to build, scale, govern, and optimize agents and models. Choose from Google's most advanced models and third-party models like Anthropic's Claude Model Family.
-
1
OWASP Find Security Bugs
The SpotBugs plugin for security audits of Java web applications
The SpotBugs plugin for security audits of Java web applications. Find Security Bugs is the SpotBugs plugin for security audits of Java web applications. It can detect 141 different vulnerability types with over 823 unique API signatures. Cover popular frameworks including Spring-MVC, Struts, Tapestry and many more. Plugins are available for Eclipse, IntelliJ / Android Studio and NetBeans. -
2
Retire.js
Scanner detecting the use of JavaScript libraries
There is a plethora of JavaScript libraries for use on the web and in node.js apps out there. This greatly simplifies, but we need to stay updated on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 and insecure libraries can pose a huge risk for your web app. The goal of Retire.js is to help you detect the use of versions with known vulnerabilities. -
3
Coraza
OWASP Coraza WAF is a golang modsecurity compatible firewall library
Coraza is an open-source, enterprise-grade, high-performance Web Application Firewall (WAF) ready to protect your beloved applications. It is written in Go, supports ModSecurity SecLang rulesets and is 100% compatible with the OWASP Core Rule Set. Coraza is a drop-in alternative to replace the soon-to-be abandoned Trustwave ModSecurity Engine and supports industry-standard SecLang rule sets. Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of... -
4
Infosec Reference
An Information Security Reference That Doesn't Suck
Infosec Reference is a curated knowledge base and resource repository for information security practitioners. It aggregates cheat sheets, tooling guides, protocol deep dives, incident response playbooks, and threat actor profiles—all organized under accessible categories (network, web, host, cryptography, auditing). The repo is built as a living wiki of sorts: practitioners contribute updates, expand sections, or refine explanations as the threat landscape evolves. -
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
5
The Book of Secret Knowledge
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks
...Its content spans areas such as Linux, networking, DevOps, security, databases, web infrastructure, shell usage, and productivity. The collection is useful for both quick lookup and broader exploration of technical topics. Its main value is centralizing many scattered resources into a single, community-maintained reference. -
6
Cap CAPTCHA
The privacy-first, self-hosted CAPTCHA for the modern web
...It replaces invasive tracking-based CAPTCHA solutions with a lightweight approach based on proof-of-work and client-side instrumentation. The system can be deployed independently, giving developers full control over user data and verification processes. It integrates easily into web applications and focuses on maintaining usability while preventing automated abuse. Cap avoids reliance on centralized providers, reducing dependency on external services and improving privacy compliance. Its design reflects a shift toward decentralized, user-respecting security mechanisms. It is particularly suited for developers who want transparent and customizable bot protection. -
7
NelmioCorsBundle
Adds CORS (Cross-Origin Resource Sharing) headers support
NelmioCorsBundle is a Symfony bundle that manages Cross-Origin Resource Sharing (CORS) headers, allowing controlled access to resources across different domains. It simplifies enabling and configuring CORS policies for APIs and web applications, ensuring secure and flexible cross-origin interactions with minimal configuration. -
8
Elide
Elide is a Java library that lets you stand up a GraphQL/JSON-API
Model-driven {json:api} & GraphQL web services for CRUD and Analytics. Elide is a Java library that enables you to stand up JSON API or GraphQL web services in 4 simple steps. Define a JPA annotated model including relationships to other models using Java, Kotlin, Groovy, and other JVM languages. Control access to fields and entities through a declarative, intuitive permission syntax. Make instances of your new model accessible through a top level collection or restrict access only through... -
9
x-ui-yg
The x-ui simplified and modified version of the script
...The project also integrates additional features such as certificate management and compatibility with modern transport protocols. While it offers ease of use, it also highlights security considerations, encouraging the use of HTTPS and proper authentication for panel access. Overall, x-ui-yg is a lightweight yet powerful management solution for proxy infrastructure. -
Enterprise-grade ITSM, for every businessFreshservice is an intuitive, AI-powered platform that helps IT, operations, and business teams deliver exceptional service without the usual complexity. Automate repetitive tasks, resolve issues faster, and provide seamless support across the organization. From managing incidents and assets to driving smarter decisions, Freshservice makes it easy to stay efficient and scale with confidence.
-
10
Apache Shiro
Apache Shiro
Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application, from the smallest mobile applications to the largest web and enterprise applications. -
11
templUI
A growing collection of beautifully designed UI components for Go
templUI is a modern UI component library built specifically for Go applications using the templ templating language, offering a developer-first approach to building interfaces with strong type safety and performance. It provides a growing collection of beautifully designed, production-ready components styled with Tailwind CSS, allowing developers to construct modern web interfaces without relying on heavy frontend frameworks. One of its defining principles is code ownership, meaning developers can either import components directly or copy them into their projects using a CLI, ensuring full control over customization and long-term maintenance. The library avoids JavaScript frameworks entirely, instead relying on lightweight, vanilla implementations that prioritize speed and simplicity. templUI also emphasizes security and compliance, with features such as CSP-friendly rendering and no inline scripts, making it suitable for enterprise environments. -
12
Formik
Build forms in React
Formik is the world's most popular open-source form library for React and React Native. Formik takes care of the repetitive and annoying stuff, keeping track of values/errors/visited fields, orchestrating validation, and handling submission, so you don't have to. This means you spend less time wiring up state and change handlers and more time focusing on your business logic. No fancy subscriptions or observables under the hood, just plain React state and props. By staying within the core... -
13
aws-devops-zero-to-hero
AWS zero to hero repo for devops engineers to learn AWS in 30 Days
aws-devops-zero-to-hero is a 30-day AWS learning roadmap aimed squarely at DevOps engineers who want both conceptual understanding and hands-on projects. The README is structured as a day-by-day syllabus, starting with “Day 1: Introduction to AWS” and moving through IAM, EC2, VPC networking, security, DNS (Route 53), storage (S3), and many other core services. Each day mixes explanation with at least one concrete project or lab, such as deploying applications on EC2, designing secure VPCs,... -
14
JsAction
JsAction is a small event delegation library
JSAction is a JavaScript framework developed by Google that provides a structured, event-driven architecture for managing user interactions in large-scale web applications. It simplifies event handling by declaratively binding actions to DOM elements through HTML attributes, enabling clean separation between markup and behavior. JSAction helps improve performance, maintainability, and reliability by minimizing the use of inline scripts and global event listeners. It is especially useful in... -
15
multiOTP open source
PHP strong authentication library, web interface & CLI, OATH certified
multiOTP is a PHP class, a powerful command line utility and a web interface developed by SysCo systèmes de communication sa in order to provide a completely free and easy operating system independent server side implementation for strong two factors authentication solution. multiOTP supports hardware and software tokens with different One-Time Password algorithms like OATH/HOTP, OATH/TOTP and mOTP (Mobile-OTP). QRcode generation is also embedded in order to support provisioning of Google... -
16
Hacker Roadmap
A collection of hacking tools, resources and references
Hacker Roadmap is an archived learning repository that organizes tools, references, and concepts for practicing ethical hacking and penetration testing. It introduces basic security vocabulary, the difference between hacking and ethical hacking, and the general steps of a penetration test. The guide groups resources by categories such as information gathering, password attacks, wireless testing, exploitation tools, sniffing and spoofing, web hacking, post-exploitation, and frameworks. It emphasizes that learners should practice only in legal environments, read before using tools, and avoid unauthorized targets. ... -
17
Penetration Testing Tools
A collection of more than 170+ tools, scripts, cheatsheets
Penetration-Testing-Tools is a curated collection of tools, scripts, cheatsheets and reference materials assembled to help security researchers, red-teamers, and students perform hands-on penetration testing across multiple domains. The repository groups resources by discipline — reconnaissance, web application testing, network exploitation, privilege escalation, post-exploitation and reporting — so users can quickly find relevant utilities and walkthroughs. -
18
javaboy-code-samples
Collection of Java code examples and demo projects
...Rather than focusing on a single application, it groups many small sample programs and projects that exemplify usage of Java core APIs, Spring Boot, frameworks like GRPC and Shiro, REST services, JWT, web security, caching, asynchronous processing, and database interactions. Each sample serves as a compact learning unit for a specific technology or pattern, allowing developers to explore one concern at a time without navigating a massive codebase. The repository often accompanies blog posts and tutorials, helping developers learn by reading articles and examining the corresponding code side-by-side. ... -
19
Java Client for Google Maps Services
Java client library for Google Maps API Web Services
This library brings the Google Maps API Web Services to your server-side Java application. Each Google Maps Web Service request requires an API key. API keys are generated in the 'Credentials' page of the 'APIs & Services' tab of Google Cloud console. The Java Client for Google Maps Services is designed for use in both server and Android applications. In either case, it is important to add API key restrictions to improve the security of your API key. -
20
html-pdf-chrome
HTML to PDF or image (jpeg, png, webp) converter via Chrome/Chromium
HTML to PDF or image (jpeg, png, webp) converter via Chrome/Chromium. This library is NOT meant to accept untrusted user input. Doing so may have serious security risks such as Server-Side Request Forgery (SSRF). If you run into CORS issues, try using the --disable-web-security Chrome flag, either when you start Chrome externally, or in options.chromeFlags. This option should only be used if you fully trust the code you are executing during a print job. It is strongly recommended that you keep Chrome running side-by-side with Node.js. ... -
21
Filebuster
An extremely fast and flexible web fuzzer
Filebuster is an extremely fast and flexible web fuzzer designed for content discovery. Written in Perl, it utilizes efficient HTTP handling to quickly identify hidden files and directories on web servers, aiding in security assessments. -
22
uLib
User mode C/C++ extended API library for Win32 programmers.
uLib adds tons of utility functions to enhance and simplify Win32 development. Some of it is implemented as C++ classes, however, much of it is implemented as C functions. The purpose of the lib is to add functions "missing" in Win32, simplify tasks that are tedious in plain Win32, and generally make Your, and my, development process easier and faster. This lib has been the staple of my x86/x64 development for decades, and is now open sourced for the benefit of the community. It is... -
23
cppcrypto
C++ cryptographic library (modern hash functions, ciphers, KDFs)
cppcrypto provides optimized implementations of cryptographic primitives. Hash functions: BLAKE, BLAKE2, Echo, Esch, Groestl, JH, Kupyna, MD5, SHA-1, SHA-2, SHA-3, SHAKE, Skein, SM3, Streebog, Whirlpool. Block ciphers: Anubis, Aria, Camellia, CAST-256, Kalyna, Kuznyechik, Mars, Serpent, Simon, SM4, Speck, Threefish, Twofish, and Rijndael (AES) with all block/key sizes. Stream ciphers: HC-128, HC-256, Salsa20, XSalsa20, ChaCha, XChaCha. Encryption modes: CBC, CTR. AEAD modes:... -
24
Name-That-Hash
Identify MD5, SHA256 and 300+ other hashes
Name-That-Hash is a modern hash identification system that tells you what type of hash you are looking at, supporting MD5, SHA-256, and more than 300 other hash types. It is designed as a successor and improvement to older tools like HashID and Hash-Identifier, focusing on up-to-date hash databases and better usability. One of its core ideas is popularity-aware ranking: when you feed in a hash, it prioritizes likely real-world types such as NTLM over obscure ones like Skype hashes, instead... -
25
PowerShell Suite
My musings with PowerShell
PowerShell-Suite is a curated collection of PowerShell utility scripts and modules created to provide low-level Windows API access, process manipulation, debugging detection, security operations, and post-exploitation techniques directly from PowerShell. The project is licensed under BSD-3-Clause. Among its components, there are scripts like Invoke-Runas (to launch processes under alternate credentials via CreateProcessWithLogonW), Invoke-CreateProcess (to spawn processes with fine control...
