Showing 50 open source projects for "csrf"

  • 1
    HUGE

    Simple user-authentication solution, embedded into a small framework

    Just a simple user authentication solution inside a super-simple framework skeleton that works out-of-the-box (and comes with an auto-installer), using the future-proof official bcrypt password hashing/salting implementation of PHP 5.5+, plus some nice features that will speed up the time from idea to first usable prototype application dramatically. Nothing more. This project has its focus on hardcore simplicity. Everything is as simple as possible, made for smaller projects, typical agency...
    Downloads: 0 This Week
  • 2
    Firing Range

    Firing Range is a test bed for web application security scanners

    ...Deployed as a cloud-friendly app, it aggregates dozens of vulnerability patterns in repeatable, labeled routes so tools can be benchmarked on coverage and noise. The project doesn’t just include simple XSS forms; it spans variants such as DOM-based issues, context-sensitive sinks, template mishandling, CSRF, open redirects, and mixed content problems. Each scenario is crafted to reflect how bugs appear in production—behind frameworks, in odd encodings, or across redirects—so scanners must demonstrate accurate crawling and context understanding. Because the behaviors are stable and documented, teams can run comparative tests over time and quantify regression or improvement in their pipelines. ...
    Downloads: 0 This Week
  • 3

    APIthet

    An Application to security test RESTful web APIs.

    APIthet is an application to security test RESTful web APIs. Assessing APIs helps in detecting security vulnerabilities at an early stage of the SDLC. Compare this with assessing an Android application that uses APIs on a backend server. This kind of assessment happens at a much later phase of the SDLC. Even worse, it does not necessarily touch all the APIs. That's not all. You specify one of the JSON parameters as random. This helps set a unique value for a specific JSON parameter in...
    Downloads: 0 This Week
  • 4
    Web Security Basics

    Web security concepts

    ...The repository focuses on real-world security mechanisms and vulnerabilities, explaining protocols like SSL/TLS for encrypted communications, the principles behind CORS (Cross-Origin Resource Sharing), and widely exploited attack categories such as cross-site scripting (XSS) and cross-site request forgery (CSRF). It also covers token-based authentication patterns like access and refresh tokens, helping developers see how modern web applications attempt to balance security with usability. Rather than providing executable code or automated tools, the project emphasizes conceptual understanding and the reasoning behind why certain defenses matter in web architecture.
    Downloads: 0 This Week
  • 5
    Electrode Stateless CSRF

    Stateless Cross-Site Request Forgery (CSRF) protection with JWT

    An electrode plugin that enables stateless CSRF protection using JWT in Electrode, Express, Hapi, or Koa 2 applications. CSRF protection is an important security feature, but in systems which don't have backend session persistence, validation is tricky. Stateless CSRF support addresses this need. CSRF attacks can be bad when a malicious script can make a request that can perform harmful operations through the user (victim)'s browser, attaching user-specific and sensitive data in the cookies. ...
    Downloads: 0 This Week
  • 6

    Track -1-Generator-2017

    Generate track 1 from track 2

    ...Tags: CVV , Python , fullz , SSN , prv8 , MMN , DOB , Track1 , C++ , Track2 , carding , POS , fraud , zeus , citadel , banking , Perl , spyeye , dumps , Alina , cardable , paypal , PHP , Vskimmer , java exploit , Dexeter , blackpos , carding forum , ASM , skimmer , fake antivirus , android , ICQ , symlink , flash exploit , root , deface , hack , backtrack , apache , TDS , litespeed , linux , windows , asp , aspx , C# , python , localroot , OTR , shell , SSH , security , hacking , SQLi , XSS , CSRF , 0day , exploit , VBV , trojan , HTTP , virus , worm , DDOS , Scan , eth0 , RDP , PR , botnet , carding , centos , plesk , FUD , redhat , carding, cc checker, dump checker, cc shop, dump shop, free cvv, free dumps
    Downloads: 8 This Week
  • 7
    Spock

    Another Haskell web framework for rapid development

    ...It provides a full toolbox including everything to get a quick start into web programming using Haskell. Spock provides fast route dispatching in a type-safe environment. Built-in support for cookies, secure sessions and CSRF protection. Applications supported by Spock are easily deployed using stack, or Docker. Spock and all ecosystem packages are open sourced on Github. Feel free to review code or contribute.
    Downloads: 0 This Week
  • 8
    webiness

    Small PHP MVC Framework

    Webiness is a lightweight PHP framework based on the MVC design pattern. Webiness is a free and open source project available under the MIT licence and, in some way, it is inspired by the Yii Framework, but it has far fewer features than Yii. It tries to keep a good balance between number of features, usability, speed, security options and ease of development.
    Downloads: 0 This Week
  • 9
    A webapp hacking game, where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism and difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc.
    Downloads: 5 This Week
  • 10
    Webiness

    Lightweight PHP framework

    ...Webiness is integrated with jQuery, and it comes with a set of AJAX-enabled features and its own light CSS framework for frontend development. Trying to be secure, it has an integrated authentication and authorization module, RBAC user interface, session expiry feature, input validation, CSRF protection, SQL injection prevention and other security features.
    Downloads: 0 This Week
  • 11
    Laravel Hackathon Starter

    Boilerplate for laravel web applications

    If you have attended any hackathons in the past, then you know how much time it takes to get a project started: decide on what to build, pick a programming language, pick a web framework, pick a CSS framework. A while later, you might have an initial project up on GitHub and only then can other team members start contributing. Or how about doing something as simple as Sign in with Facebook authentication? You can spend hours on it if you are not familiar with how OAuth 2.0 works. Even if you...
    Downloads: 0 This Week
  • 12
    miniPHP

    A small, simple PHP MVC framework skeleton that encapsulates a lot of

    miniPHP A small, simple PHP MVC framework skeleton that encapsulates a lot of features surrounded with powerful security layers. miniPHP is a very simple application, useful for small projects, helps to understand the PHP MVC skeleton, know how to authenticate and authorize, encrypt data and apply security concepts, sanitization and validation, make Ajax calls and more. It's not a full framework, nor a very basic one but it's not complicated. You can easily install, understand, and...
    Downloads: 0 This Week
  • 13
    watobo
    WATOBO is intended to enable security professionals to perform highly efficient (semi-automated) web application security audits.
    Downloads: 0 This Week
  • 14
    Firefox Portable WEBTOOLS
    This is a Portable version of Mozilla Firefox with several add-ons that are useful for Web Application Security. The purpose of this package is to have the best available addons to manually test XSS, SQL, siXSS, CSRF, Trace XSS, RFI, LFI, etc.
    Downloads: 0 This Week
  • 15

    bWAPP

    an extremely buggy web app !

    bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web bugs! It covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project. The focus is not just on one specific...
    Downloads: 964 This Week
  • 16
    BTS Pentesting Lab

    BTS Pentesting Lab - a deliberately vulnerable Web application

    ...It can be used to learn about many different types of web application vulnerabilities. Currently, the app contains the following types of vulnerabilities: SQL Injection, XSS (includes Flash-based XSS), CSRF, Clickjacking, SSRF, File Inclusion, Code Execution, Insecure Direct Object Reference, Unrestricted File Upload vulnerability, Open URL Redirection, Server Side Includes (SSI) Injection and more... Java version of this application can be found here: https://sourceforge.net/p/javavulnerablelab/
    Downloads: 2 This Week
  • 17
    Java-based Open Source WAF (Web Application Firewall) to include inside a web application in order to protect it against attacks like Cross-Site Request Forgery (CSRF), Parameter Manipulation and more.
    Downloads: 0 This Week
  • 18
    Hcon Security Testing Framework

    Open Source Penetration Testing / Ethical Hacking Framework

    HconSTF is an Open Source Penetration Testing Framework based on different browser technologies, which helps any security professional to assist in penetration testing or vulnerability scanning assessments. It contains webtools which are powerful in doing XSS (cross-site scripting), SQL injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. It is even useful to anybody interested in the information security domain: students, security professionals, web developers, manual vulnerability assessments and much more.
    Downloads: 12 This Week
  • 19
    Wave Framework

    Open Source API-centric PHP Micro-framework

    Wave is a PHP micro-framework that is built loosely following model-view-control architecture and factory method design pattern. It is made for web services, websites and info-systems and is built to support a native API architecture, caching, user control and smart resource management. Wave is a compact framework that does not include bloated libraries and features and is developed keeping lightweight speed and optimizations in mind. While not necessary for using Wave Framework, it comes by...
    Downloads: 0 This Week
  • 20
    Secure Content Management System
    SCMS is an MVC based secure content management system. It is designed from the ground up to withstand common Web application vulnerabilities. It is designed for PHP 5.0-5.2.x and MySQL 4.1+, and it can optionally support PostgreSQL as a database backend.
    Downloads: 0 This Week
  • 21

    GameOver

    Training and educating about the web security

    ...GameOver has been broken down into two sections. Section 1 consists of special web applications that are designed especially to teach the basics of Web Security. This section will cover XSS, CSRF, RFI & LFI, BruteForce Authentication, Directory/Path traversal, Command execution and SQL injection. Section 2 is a collection of deliberately insecure Web applications. This section provides a legal platform to test your skills and to try and exploit the vulnerabilities and sharpen your skills before you pentest live sites. ...
    Downloads: 9 This Week
  • 22
    The CSRF Protector is a Firefox extension which attempts to detect and prevent CSRF attacks by looking for patterns in the possible ways of performing CSRF and blocking behaviors common to multiple types of CSRF attack
    Downloads: 0 This Week
  • 23
    eXlent2k7 is a CMS based on the most modern technologies (XHTML 1.1, CSS 2.1, PHP 5 objects, PDO, XML, DOM) with good security (CSRF protection, XSS prevention in template system, JavaScript can be disabled, SQL injection prevention in database class).
    Downloads: 0 This Week
  • 24

    phpshopcart

    single-page php shopping cart script

    ...More importantly, however, it's really just a demo. Don't use it for production code without thoroughly reviewing it. Specifically, it lacks secure session ID's and has not been reviewed for XSS, SQL Injection, CSRF... WARNING #2: This code is written for php3. Most people reading this have probably never even heard of php3. I just tested it out (2015) for fun and found that it doesn't work at all. Please, please; choose not just a different shopping cart, but perhaps a different language. The world has changed since 1998! Why are ten people a week still downloading? ...
    Downloads: 0 This Week
  • 25

    PHPExtJS

    Build free and powerful web applications with ExtJS and PHP

    ...Features: - Ext JS CRUD (Create, Read, Update, Delete) Code Generator - RESTful HTTP method (PUT, DELETE, UPDATE, GET) - ExtJS MVC - RBAC application architecture - Dynamic tree menu - CSRF attack prevention by default. You can download 2 versions of phpextjs: a standard and a desktop version. Download links: Standard version: https://github.com/sani-iman-pribadi/phpextjs_standart/archive/master.zip Desktop version: https://github.com/sani-iman-pribadi/phpextjs_desktop/archive/master.zip
    Downloads: 0 This Week