The OVAL Interpreter is a freely available reference implementation that demonstrates the evaluation of OVAL Definitions. Based on a set of OVAL Definitions the interpreter collects system information, evaluates it, and generates a detailed OVAL Results file. Developed to demonstrate the usability of OVAL Definitions and to ensure correct syntax and adherence to the OVAL Schemas by definition writers, it is not a fully functional scanning tool nor an enterprise scanning tool. It is a simplistic, command-line application that has the ability to execute OVAL Content on an end system. To learn more about organizations that provide OVAL content and tools or otherwise support the OVAL Language, please see the OVAL Adoption Program (http://oval.mitre.org/adoption/).
Platform for risk analysis of security critical IT systems using UML, based on the CORAS model-based risk assessment methodology. Contains an XML and UML repository, facilitating management and reuse of analysis results.
The OVAL Utilities are a set of utilities for manipulating content written in the OVAL Language. These are general utilities that will assist anyone in using OVAL content.
uEasy is a wysiwyg editor for use with Content Management System (CMS). It features a wysiwyg client (as applet or application) and a server. You can easily develop: - interfaces for any CMS - plugins for any format (HTML, Wiki, ...)
Simple web-based personal digital wallet.
Tidbits is a web-based digital wallet. Use it to store usernames, passwords, phone numbers, or any little tidbit you might easily forget. Then you need only remember your one Tidbits password to access all your important details. Tidbits 2 is optimized for mobile touch-based devices like the iPhone and iPad (it works well on desktop browsers, too). The integrated search engine makes it a snap to find all those little nuggets you don't want to have to remember but want to be able to access anytime, anywhere.
Centralized signing and verification
Sirius-Sign is a signing and verification server with it's focus on high throughput and easy integration into an existinig landscape. For signature creation smartcards with OCF and PKCS11 interfaces are supported. An EJB container is required.
INACTIVE STATUS: The Recommendation Tracker is not actively being developed. SUMMARY: The Recommendation Tracker facilitates consistent standardized (XCCDF, OVAL, CCE, CPE) guidance authoring through an established format for creating, developing, and tracking all information pertinent to security guide and benchmark generation.
AttackTreeMonkey is an XSLT script that calculates values in an attack tree (using Libxslt or Saxon) and outputs XHTML. Attack trees are a way of modelling security systems and how they fail (see Bruce Schneier in Dr Dobbs Journal; 1999).
FOAFRealm (also called D-FOAF in version 2.0) is a distributed user profile management system based on FOAF. FOAFRealm is a set of tools that enables to manipulate FOAF (Friend-of-a-Friend) information within J2EE application and provides Realm implement
HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier removes all malicious code (better known as XSS) with a thoroughly audited and secure yet permissive whitelist, and ensure standards compliance.
A Firefox tutorial add-on for adult absolute beginners, to provide information on and to build up understanding of the threats and features of the web. Suggestions to security plugins, links to web howto's. Includes basic navigation help.
Publish your junit test report in pdf format. Plug and Play integration. Home page: http://junitpdfreport.sourceforge.net/
SecFlow - Secure Flow Analyzation for Java and .NET
Valid CGI Values is (currently) a XHTML forms based technologie for validating CGI values submitted by these forms. It consists of a form parser that analyzes web forms and a package with validation functions.
Webswell Connect is a business integration tool based on WS web services, ebXML and AS2 standards. Installer includes ebXML Registry/Repository, universal Message Service Handler and Dispatcher and supporting software. Tech support at www.webswell.com
The Eclipse XML-Security Plug-In allows you to experiment with the W3C recommendations on digital signatures and encryption and to learn all about their background. Arbitrary XML documents can be canonicalized, signed, verified and en- or decrypted.
xccdf2pdf renders XCCDF documents in PDF and other formats.