Open Source XSL (XSLT/XPath/XSL-FO) Security Software

The OVAL Interpreter is a freely available reference implementation that demonstrates the evaluation of OVAL Definitions. Based on a set of OVAL Definitions the interpreter collects system information, evaluates it, and generates a detailed OVAL Results file. Developed to demonstrate the usability of OVAL Definitions and to ensure correct syntax and adherence to the OVAL Schemas by definition writers, it is not a fully functional scanning tool nor an enterprise scanning tool. It is a simplistic, command-line application that has the ability to execute OVAL Content on an end system. To learn more about organizations that provide OVAL content and tools or otherwise support the OVAL Language, please see the OVAL Adoption Program (http://oval.mitre.org/adoption/).

eurephia is an authentication and access control plug-in for OpenVPN. It improves authentication by adding user/password auth in addition to certificates. Access control is managed via iptables on Linux servers. See web page for more info

The OVAL Utilities are a set of utilities for manipulating content written in the OVAL Language. These are general utilities that will assist anyone in using OVAL content.

AttackTreeMonkey is an XSLT script that calculates values in an attack tree (using Libxslt or Saxon) and outputs XHTML. Attack trees are a way of modelling security systems and how they fail (see Bruce Schneier in Dr Dobbs Journal; 1999).

FOAFRealm (also called D-FOAF in version 2.0) is a distributed user profile management system based on FOAF. FOAFRealm is a set of tools that enables to manipulate FOAF (Friend-of-a-Friend) information within J2EE application and provides Realm implement

HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier removes all malicious code (better known as XSS) with a thoroughly audited and secure yet permissive whitelist, and ensure standards compliance.

A Firefox tutorial add-on for adult absolute beginners, to provide information on and to build up understanding of the threats and features of the web. Suggestions to security plugins, links to web howto's. Includes basic navigation help.

Publish your junit test report in pdf format. Plug and Play integration. Home page: http://junitpdfreport.sourceforge.net/

A tool to monitor internet hosts` bandwidth usage in a Linux-NAT network. A daemon collects data and clients display them (currently a Java applet with a graph). It automatically detects new hosts and has a nice summary statistic.

OpenSQLi-NG is the next generation open source sql injection tool. It silently test and exploit (on-demand) SQL injections conditions. Please refer to the project web site to have the complete description: http://opensqling.sourceforge.net/?page_id=8

INACTIVE STATUS: The Recommendation Tracker is not actively being developed. SUMMARY: The Recommendation Tracker facilitates consistent standardized (XCCDF, OVAL, CCE, CPE) guidance authoring through an established format for creating, developing, and tracking all information pertinent to security guide and benchmark generation.

SecFlow - Secure Flow Analyzation for Java and .NET

Tidbits is a web-based digital wallet. Use it to store usernames, passwords, phone numbers, or any little tidbit you might easily forget. Then you need only remember your one Tidbits password to access all your important details. Tidbits 2 is optimized for mobile touch-based devices like the iPhone and iPad (it works well on desktop browsers, too). The integrated search engine makes it a snap to find all those little nuggets you don't want to have to remember but want to be able to access anytime, anywhere.

Valid CGI Values is (currently) a XHTML forms based technologie for validating CGI values submitted by these forms. It consists of a form parser that analyzes web forms and a package with validation functions.

Webswell Connect is a business integration tool based on WS web services, ebXML and AS2 standards. Installer includes ebXML Registry/Repository, universal Message Service Handler and Dispatcher and supporting software. Tech support at www.webswell.com

The Eclipse XML-Security Plug-In allows you to experiment with the W3C recommendations on digital signatures and encryption and to learn all about their background. Arbitrary XML documents can be canonicalized, signed, verified and en- or decrypted.

Computer Aided Design of Security Ontology - master thesis realized at GUT

Sirius-Sign is a signing and verification server with it's focus on high throughput and easy integration into an existinig landscape. For signature creation smartcards with OCF and PKCS11 interfaces are supported. An EJB container is required.

uEasy is a wysiwyg editor for use with Content Management System (CMS). It features a wysiwyg client (as applet or application) and a server. You can easily develop: - interfaces for any CMS - plugins for any format (HTML, Wiki, ...)

xccdf2pdf renders XCCDF documents in PDF and other formats.

Platform for risk analysis of security critical IT systems using UML, based on the CORAS model-based risk assessment methodology. Contains an XML and UML repository, facilitating management and reuse of analysis results.