Search Results for "common"

...Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment. The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficulty, with a simple straightforward interface. Please note, there are both documented and undocumented vulnerabilities with this software. This is intentional. You are encouraged to try and discover as many issues as possible. Damn Vulnerable Web Application is damn vulnerable! Do not upload it to your hosting provider's public html folder or any Internet facing servers, as they will be compromised. ...

Paseto (Platform-Agnostic Security Tokens) is an open-source security token format designed as a more secure alternative to JWT (JSON Web Tokens). Unlike JWT, Paseto eliminates common cryptographic pitfalls by avoiding weak algorithms. It is designed to be secure by default, with built-in cryptographic best practices, making it ideal for applications requiring robust authentication and token management.

The first truly secure and intuitive templates for PHP. The most common critical vulnerability in websites is Cross-Site Scripting (XSS). It allows an attacker to insert a malicious script into a page that executes in the browser of an unsuspecting user. It can modify the page, obtain sensitive information or even steal the user's identity. Templating systems fail to defend against XSS. Latte is the only system with an effective defense, thanks to context-sensitive escaping.

Enlightn scans your Laravel app code to provide you actionable recommendations on improving its performance, security & more. We'll perform over 100 checks against your application for common issues, and provide actionable feedback for fixing them. Think of Enlightn as your performance and security consultant. Enlightn will "review" your code and server configurations, and give you actionable recommendations on improving performance, security, and reliability! The Enlightn OSS (open source software) version has 64 automated checks that scan your application code, web server configurations, and routes to identify performance bottlenecks, possible security vulnerabilities, and code reliability issues. ...

Web Security Dojo is a virtual machine that provides the tools, targets, and documentation to learn and practice web application security testing. A preconfigured, stand-alone training environment ideal for classroom and conferences. No Internet required to use. Ideal for those interested in getting hands-on practice for ethical hacking, penetration testing, bug bounties, and capture the flag (CTF). A single OVA file will import into VirtualBox and VMware. There is also an Ansible...

This project has moved to https://github.com/julesbl/ssp and is now PHP7 complient and works in composer. The objective of these routines is to supply a secure login system to be wrapped round php applications and websites so that developers do not need to write their own. These libraries have been hardened against most web type attacks. Now has internationalisation and multiple languages.

Penetration-Testing-Toolkit is a web based project to automate Scanning a network,Exploring CMS, Generating Undectable metasploit payload, DNS-Queries, IP related informations, Information Gathering, Domain related info etc

NOTE: This project is no longer under active developement. Check out the successor at: https://github.com/jensvoid/lorg Web Forensik ist a script that uses PHPIDS to automatically scan your HTTPD logfiles for attacks against web applications. Check the Wiki for installation, configuration, usage.

SCMS is an MVC based secure content management system. It is designed from the ground up to withstand common Web application vulnerabilities. It is designed for PHP 5.0-5.2.x and MySQL 4.1+, and it can optionally support PostgreSQL as a database backend.

About GameOver: Project GameOver was started with the objective of training and educating newbies about the basics of web security and educate them about the common web attacks and help them understand how they work. GameOver has been broken down into two sections. Section 1 consists of special web applications that are designed especially to teach the basics of Web Security. This seciton will cover XSS CSRF RFI & LFI BruteForce Authentication Directory/Path traversal Command execution SQL injection Section 2 is a collection of dileberately insecure Web applications. ...

phpBricks is MVC framework built on PHP. It’s pre-pack of most common and useful functions library like validation, data saving and retrieval and other relevant libraries. It is built with standard convention and programmer have to think its way.

Peruggia is designed as a safe, legal environment to learn about and try common attacks on web applications. Peruggia looks similar to an image gallery, but contains several controlled vulnerabilities to practice on.

PDit is a PHP Auditing and Analyzing Tool, it will cover the most common and significant vulnerabilities that can be found in a php pages/scripts.

MISec is a feature of the LAMPSecurity.org site. It is designed to release open source security training projects, consisting of virtual machine images demonstrating common Linux, Apache, PHP, and MySQL weaknesses that can lead to compromise.

Four-channel daemon of video observation for IP video servers Aviosys IP9100A (B, Plus). This program is intended for indemnification of hardware restrictions four-channel IP video servers Aviosys

Admin Secure is an add-on script for PHP-Nuke web portal system. This add-on gives you additional protection schemes from common hacking activities. Admin Secure is an alternate protection for your PHP-Nuke based website.