Search Results for "xpath"

...A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection, XSS, code injection, os command injection, CRLF injection, LDAP injection, XPath injection, RCE, XXE, SSRF, path traversal, backdoor, brute force, HTTP-flood, bot abuse, among others. By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server. ...

Wapiti is a vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, XXE injections, CRLF injections, Server Side Request Forgery, Open Redirects... It use the Python 3 programming language.

This repo is a public collection of malware samples and related dissection/analysis information, maintained by InQuest. It gathers various kinds of malicious artifacts, executables, scripts, macros, obfuscated documents, etc., with metadata (e.g., VirusTotal reports), file carriers, and sample hashes. It’s intended for malware analysts/researchers to help study how malware works, how they are delivered, and how it evolves.

Sirius-Sign is a signing and verification server with it's focus on high throughput and easy integration into an existinig landscape. For signature creation smartcards with OCF and PKCS11 interfaces are supported. An EJB container is required.

eurephia is an authentication and access control plug-in for OpenVPN. It improves authentication by adding user/password auth in addition to certificates. Access control is managed via iptables on Linux servers. See web page for more info

Tidbits is a web-based digital wallet. Use it to store usernames, passwords, phone numbers, or any little tidbit you might easily forget. Then you need only remember your one Tidbits password to access all your important details. Tidbits 2 is optimized for mobile touch-based devices like the iPhone and iPad (it works well on desktop browsers, too). The integrated search engine makes it a snap to find all those little nuggets you don't want to have to remember but want to be able to...

Platform for risk analysis of security critical IT systems using UML, based on the CORAS model-based risk assessment methodology. Contains an XML and UML repository, facilitating management and reuse of analysis results.

The OVAL Interpreter is a freely available reference implementation that demonstrates the evaluation of OVAL Definitions. Based on a set of OVAL Definitions the interpreter collects system information, evaluates it, and generates a detailed OVAL Results file. Developed to demonstrate the usability of OVAL Definitions and to ensure correct syntax and adherence to the OVAL Schemas by definition writers, it is not a fully functional scanning tool nor an enterprise scanning tool. It is a...

bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web bugs! It covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project. The focus is not just on one specific...

The OVAL Utilities are a set of utilities for manipulating content written in the OVAL Language. These are general utilities that will assist anyone in using OVAL content.

INACTIVE STATUS: The Recommendation Tracker is not actively being developed. SUMMARY: The Recommendation Tracker facilitates consistent standardized (XCCDF, OVAL, CCE, CPE) guidance authoring through an established format for creating, developing, and tracking all information pertinent to security guide and benchmark generation.

uEasy is a wysiwyg editor for use with Content Management System (CMS). It features a wysiwyg client (as applet or application) and a server. You can easily develop: - interfaces for any CMS - plugins for any format (HTML, Wiki, ...)

xccdf2pdf renders XCCDF documents in PDF and other formats.

A Firefox tutorial add-on for adult absolute beginners, to provide information on and to build up understanding of the threats and features of the web. Suggestions to security plugins, links to web howto's. Includes basic navigation help.

Computer Aided Design of Security Ontology - master thesis realized at GUT

FOAFRealm (also called D-FOAF in version 2.0) is a distributed user profile management system based on FOAF. FOAFRealm is a set of tools that enables to manipulate FOAF (Friend-of-a-Friend) information within J2EE application and provides Realm implement

SecFlow - Secure Flow Analyzation for Java and .NET

Powerfuzzer is a highly automated web fuzzer based on many other Open Source fuzzers available (incl. cfuzzer, fuzzled, fuzzer.pl, jbrofuzz, webscarab, wapiti, Socket Fuzzer). It can detect XSS, Injections (SQL, LDAP, commands, code, XPATH) and other

A tool to monitor internet hosts` bandwidth usage in a Linux-NAT network. A daemon collects data and clients display them (currently a Java applet with a graph). It automatically detects new hosts and has a nice summary statistic.

Publish your junit test report in pdf format. Plug and Play integration. Home page: http://junitpdfreport.sourceforge.net/

Webswell Connect is a business integration tool based on WS web services, ebXML and AS2 standards. Installer includes ebXML Registry/Repository, universal Message Service Handler and Dispatcher and supporting software. Tech support at www.webswell.com

HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier removes all malicious code (better known as XSS) with a thoroughly audited and secure yet permissive whitelist, and ensure standards compliance.

The Eclipse XML-Security Plug-In allows you to experiment with the W3C recommendations on digital signatures and encryption and to learn all about their background. Arbitrary XML documents can be canonicalized, signed, verified and en- or decrypted.

Valid CGI Values is (currently) a XHTML forms based technologie for validating CGI values submitted by these forms. It consists of a form parser that analyzes web forms and a package with validation functions.

A C++ library implementing the XML DSIG and XML Encryption standards. Based on the Apache project's Xerces (DOM/SAX parser) and Xalan (XSL/XPATH processor) libraries.