Search Results for "xss"
Sort By:
22 projects for "xss" with 2 filters applied:
-
Stop Cyber Threats with VM-Series Next-Gen Firewall on AzureGain integrated visibility across all traffic in a single pass. Deploy Palo Alto Networks VM-Series to determine application identity and content while automating security policy updates via rich APIs.
-
Stop vibe-debugging.AppSignal's MCP server hands Claude, Cursor, or Zed your real errors, traces, and the deploy that shipped them. AI writes the fix; you review the diff.
-
1
CodeIgniter 4
Open Source PHP Framework (originally from EllisLab)
CodeIgniter4 is a powerful PHP framework designed for building web applications. It is a next-generation version of the popular CodeIgniter framework, offering enhanced features and improved performance. CodeIgniter4 follows the MVC (Model-View-Controller) pattern and is built to be lightweight, with a focus on simplicity and speed. It comes with a rich set of libraries and tools for developing dynamic web applications. -
2
Django
The Web framework for perfectionists with deadlines
Django is a high-level, free and open-source Python web framework founded on the Model–Template–View (MTV) pattern, designed to facilitate rapid development of secure, maintainable, and scalable database-driven websites. First, read docs/intro/install.txt for instructions on installing Django. Next, work through the tutorials in order (docs/intro/tutorial01.txt, docs/intro/tutorial02.txt, etc.). If you want to set up an actual deployment server, read docs/howto/deployment/index.txt for... -
3
HTMLPurifier for Laravel
HTMLPurifier for Laravel 5/6/7/8/9/10/11
HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications. Tired of using BBCode due to the current landscape of deficient or insecure HTML filters? Have a WYSIWYG editor but have never been able to use it? ... -
4
Coraza
OWASP Coraza WAF is a golang modsecurity compatible firewall library
...Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. CRS protects from many common attack categories including: SQL Injection (SQLi), Cross Site Scripting (XSS), PHP & Java Code Injection, HTTPoxy, Shellshock, Scripting/Scanner/Bot Detection & Metadata & Error Leakages. Coraza is a library at its core, with many integrations to deploy on-premise Web Application Firewall instances. -
Earn up to 16% annual interest with Nexo.Generate interest, access liquidity without selling, and execute trades seamlessly. All in one platform. Geographic restrictions, eligibility, and terms apply.
-
5
Phlex
Object-oriented views in Ruby
Phlex is a Ruby-based framework for building HTML and SVG views using object-oriented programming principles, offering a unique alternative to traditional template systems like ERB. It allows developers to write UI components entirely in Ruby, providing full control over structure, logic, and rendering without mixing HTML and templating syntax. One of its key advantages is performance, as it can render HTML extremely quickly while maintaining predictable scaling even with complex component... -
6
Wapiti
Wapiti is a web-application vulnerability scanner
Wapiti is a vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, XXE injections, CRLF injections, Server Side Request Forgery, Open Redirects... It use the Python 3 programming language. -
7
banana-php
A balanced, adaptable PHP framework for all skill levels.
...It combines beginner-friendly simplicity with professional-grade features like: Smart Routing: Auto-configured with override options. BananaORM: Intuitive database management. Built-in Security: CSRF, XSS, and SQL injection protection. Skill-Adaptive Modes: Switch between beginner, intermediate, and advanced syntax. Perfect for rapid prototyping and scalable applications. -
8
Neiki's Cookie Banner
Lightweight, dependency-free cookie consent banner (GDPR/ePrivacy compliant) in vanilla JS. Fully customizable and accessible.
Neiki's Cookie Banner is a lightweight, drop-in cookie consent solution for any website that needs to comply with GDPR, ePrivacy, and similar privacy regulations — without dragging in a heavy third-party SDK or tying your site to a paid SaaS. It is built from the ground up in vanilla JavaScript with zero dependencies, so it works on any stack — from a static HTML page to a WordPress theme, Laravel app, Next.js site, or anything in between. Drop in one file and you have a fully functional,... -
9
Big List of Naughty Strings
List of strings which have a high probability of causing issues
The Big List of Naughty Strings is a community-maintained catalog of “gotcha” inputs that commonly break software, from unusual Unicode to SQL and script injection payloads. It exists so developers and QA engineers can easily test edge cases that normal test data would miss, such as zero-width characters, right-to-left marks, emojis, foreign alphabets, and long or malformed strings. By throwing these strings at forms, APIs, databases, and UIs, teams can discover encoding bugs, sanitizer... -
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
10
XSpear
Powerfull XSS Scanning and Parameter analysis tool&gem
XSpear is an XSS Scanner on ruby gems. Powerful XSS Scanning and Parameter analysis tool&gem. -
11
End-To-End
End-To-End is a crypto library to encrypt, decrypt, digital sign
...It packaged a JavaScript crypto library, UI elements, and a browser extension workflow that could integrate with webmail-style UIs without server changes. The codebase emphasized careful key handling, usability experiments around key discovery and verification, and mitigations against common web threats like XSS. While the project ultimately transitioned into successor efforts, it helped push discussions about practical E2EE in mainstream web apps and the ergonomics of PGP-style workflows. Security researchers and product teams used it as a design reference for client-side cryptography and the trade-offs of operating inside a hostile web page. -
12
NodeGoat
The OWASP NodeGoat project
A deliberately vulnerable Node.js application designed for security training, helping developers understand common web vulnerabilities and how to mitigate them. -
13
Electrode Stateless CSRF
Stateless Cross-Site Request Forgery (CSRF) protection with JWT
...For use with XMLHttpRequest and fetch, we extend the technique by using two JWT tokens for validation. One token in the cookies and the other in the HTTP headers. Since XSS cannot set HTTP headers also, it strengthens the security further. -
14
Vulnerawa stands for vulnerable web application, though I think it should be renamed Vulnerable website. Unlike other vulnerable web apps, this application strives to be close to reality as possible. To know more about Vulnerawa, go here https://www.hackercoolmagazine.com/vulnerawa-vulnerable-web-app-for-practice/ See how to setup Vulnerawa in Wamp server. https://www.hackercoolmagazine.com/how-to-setup-vulnerawa-in-wamp-server/ To see how to set up a web app pen testing lab with...
-
15
sitecheck
Modular web site spider for web developers.
More than just a link checker, sitecheck is a website spider (also known as a crawler) which can assist with SEO by testing an entire site plus both inbound links from search engines and outbound links to other sites for the following issues: looping redirects (HTTP 301/302), broken links (HTTP 404), server errors (HTTP 500), spelling mistakes, low readability scores (using the Flesch Reading Ease test), missing/empty/duplicate meta tags, duplicate content, slow page speed, W3C validation errors and accessibility errors. Sitecheck can also spot some common causes of PCI compliance failure such as insecure content on secure pages, SQL injection/cross-site scripting (XSS) vulnerabilities, insecure encryption ciphers and open mail relays. Sources of information leakage such as email addresses and IP addresses in the headers or the page will be logged. Includes a separate module called domaincheck which checks the domain expiry date, SSL certificate expiry date and SPF records. -
16
javawebutils
web application utilities
This library contains utility classes such as a converter from plain text to HTML (for safe inclusion of user-supplied text into web pages, avoiding XSS attacks, etc.), converters from binary to hex representation, and similar functions -
17
Entrans is an online collaborative translation tool used for editing and translation of PO files. It provides features such as ``dynamic'' keyboard for Indian languages and automated suggestions to help beginners and experts alike.
-
18
** Guys I have built a much more powerful Fully Featured CMS system at: https://github.com/MacdonaldRobinson/FlexDotnetCMS Macs CMS is a Flat File ( XML and SQLite ) based AJAX Content Management System. It focuses mainly on the Edit In Place editing concept. It comes with a built in blog with moderation support, user manager section, roles manager section, SEO / SEF URL
-
19
-
20
Powerfuzzer is a highly automated web fuzzer based on many other Open Source fuzzers available (incl. cfuzzer, fuzzled, fuzzer.pl, jbrofuzz, webscarab, wapiti, Socket Fuzzer). It can detect XSS, Injections (SQL, LDAP, commands, code, XPATH) and other
-
21
HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier removes all malicious code (better known as XSS) with a thoroughly audited and secure yet permissive whitelist, and ensure standards compliance.
-
22
...Twe is used to enforce pre defined html code. Twe takes (evil) html as input and returns html matched against a flexible and easy to extend set of rules. Use Twe to avoid cross side scripting (xss).
- Previous
- You're on page 1
- Next
