bag-of-holding - An application to assist in the organization and prioritization of software security activities


The Bag of Holding is an application to assist in the organization and prioritization of software security activities. For information on setting up a development environment, see



Related Projects

threadfix - ThreadFix is a software vulnerability aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and interact with software defect tracking systems

  •    Java

ThreadFix is a software vulnerability aggregation and management system that reduces the time it takes to fix software vulnerabilities. ThreadFix imports the results from dynamic, static and manual testing to provide a centralized view of software security defects across development teams and applications. The system allows companies to correlate testing results and streamline software remediation efforts by simplifying feeds to software issue trackers. By auto-generating application firewall rules, this tool allows organizations to continue remediation work uninterrupted. ThreadFix empowers managers with vulnerability trending reports that show progress over time, giving them justification for their efforts. ThreadFix is developed and maintained by Denim Group, Ltd ( For information about commercial support and other services, contact Denim Group about ThreadFix

django-rest-framework-filters - Better filtering for Django REST Framework

  •    Python

django-rest-framework-filters is an extension to Django REST framework and django-filter that makes it easy to filter across relationships. Historically, this extension also provided a number of additional features and fixes, but the number of features has shrunk as they have been merged back into django-filter. These docs pertain to the upcoming 1.0 release. Current docs can be found here.

djoser - REST implementation of Django authentication system.

  •    Python

REST implementation of the Django authentication system. The djoser library provides a set of Django Rest Framework views to handle basic actions such as registration, login, logout, password reset and account activation. It works with custom user models. Instead of reusing Django code (e.g. PasswordResetForm), we reimplemented a few things to fit better into a Single Page App architecture.

Ranger - Manage Data Security across the Hadoop Platform

  •    Java

Ranger is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform. It provides centralized security administration to manage all security-related tasks in a central UI or via REST APIs, fine-grained authorization, and centralized auditing of user access within Apache Hadoop, Apache Hive, Apache HBase and other Apache components.

django-rest-pandas - 📊📈 Serves up Pandas dataframes via the Django REST Framework for use in client-side (i

  •    Python

Django REST Pandas (DRP) provides a simple way to generate and serve pandas DataFrames via the Django REST Framework. The resulting API can serve up CSV (and a number of other formats) for consumption by a client-side visualization tool like d3.js. The design philosophy of DRP enforces a strict separation between data and presentation. This keeps the implementation simple, but also has the nice side effect of making it trivial to provide the source data for your visualizations. This capability can often be leveraged by sending users to the same URL that your visualization code uses internally to load the data.

django-DefectDojo - DefectDojo is an open-source application vulnerability correlation and security orchestration tool

  •    Python

DefectDojo is a security program and vulnerability management tool. DefectDojo allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers. Consolidate your findings into one source of truth with DefectDojo. Try out DefectDojo in our testing environment.

awesome-django - Repository mirror of GitLab:

  •    Makefile

A curated list of awesome Django apps, projects and resources. An awesome package is one that is mature (not recently released), is well maintained, has a good amount of users, has good documentation, follows best practices, and whose latest release is less than 1 year old. Awesome Django packages and projects are the ones that inspire and serve as examples.

django-rest-framework-gis - Geographic add-ons for Django REST Framework

  •    Python

Geographic add-ons for Django Rest Framework. Provides a GeometryField, which is a subclass of the Django Rest Framework (from now on DRF) WritableField. This field handles GeoDjango geometry fields, providing custom to_native and from_native methods for GeoJSON input and output.

awesome-appsec - A curated list of resources for learning about application security

  •    PHP

A curated list of resources for learning about application security. Contains books, websites, blog posts, and self-assessment quizzes. Maintained by Paragon Initiative Enterprises with contributions from the application security and developer communities. We also have other community projects which might be useful for tomorrow's application security experts.

django-rest-framework-docs - Document Web APIs made with Django Rest Framework

  •    Python

If you want to use the demo app to work on this package: included in this repo you can find the demo project (at /demo). It is a project with Django & Django Rest Framework that will allow you to work with this project. For more information on how you can set it up please check the of the demo project. For more information visit the docs.

SecurityShepherd - Web and mobile application security training platform

  •    Java

The OWASP Security Shepherd Project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen their penetration testing skill set to security expert status. We've got fully automated and step-by-step walkthroughs on our wiki page to help you get Security Shepherd up and running.

juice-shop - OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws

  •    Javascript

OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of OWASP Top Ten and other severe security flaws. Each packaged distribution includes some binaries for SQLite bound to the OS and node.js version on which npm install was executed.

django-rest-framework-social-oauth2 - python-social-auth and oauth2 support for django-rest-framework

  •    Python

This module provides python-social-auth and OAuth2 support for django-rest-framework. The first aim of this package is to help set up social auth for your REST API. It also helps set up your OAuth2 provider.

django-sudo - Extra security for your sensitive pages

  •    Python

This is an implementation of GitHub's Sudo Mode for Django. django-sudo provides an extra layer of security after a user is already logged in. Views can be decorated with @sudo_required, and then a user must re-enter their password to view that page. After verifying their password, that user has elevated permissions for the duration of SUDO_COOKIE_AGE. This duration is independent of the normal session duration, allowing short elevated-permission windows while retaining long user sessions.

needle - The iOS Security Testing Framework

  •    Python

Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps. Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes of operation and syntax. The Android ecosystem has tools like "drozer" that have solved this problem and aim to be a ‘one stop shop’ for the majority of use cases, however iOS does not have an equivalent.

channels-api - RESTful Websocket APIs with Django Rest Framework and Channels

  •    Python

Channels API exposes a RESTful Streaming API over WebSockets using channels. It provides a ResourceBinding which is comparable to Django Rest Framework's ModelViewSet. It is based on DRF serializer classes. You're already using Django Rest Framework and want to expose similar logic over WebSockets.

django-rest-framework-jwt - JSON Web Token Authentication support for Django REST Framework

  •    Python

Full documentation for the project is available at docs. This package provides JSON Web Token Authentication support for Django REST framework.

ffead-cpp - Framework for Enterprise Application Development, c++ framework, c++ web framework, c++ application framework, c++ rest framework, c++ soap framework, c++ web sites,c++ web applications, c++ driven web development - c++

  •    C++

ffead-cpp is a web framework, application framework and set of utilities all bundled into one. It also provides an embedded HTTP/HTTP2/WebSocket-compliant high-performance server core. It is a collection of modules, each performing an individual role, which together form the cohesive backbone of ffead-cpp. It provides a very simple to use and maintain web-framework library with advanced features like Reflection, Dependency Injection (IOC), inbuilt REST/SOAP support and Security/Authentication features. Built-in implementations for interfacing with caching tools like Memcached/Redis are also provided. The database integration/ORM framework (SDORM) solves all major issues with respect to interfacing with SQL and NoSQL databases alike.

jsprime - a javascript static security analysis tool

  •    Javascript

Today, more and more developers are switching to JavaScript as their first choice of language. The reason is simple: JavaScript is now accepted as a mainstream programming language for applications, be it on the web or on mobile, on the client side or on the server side. JavaScript's flexibility and loose typing let developers create rich applications at an unbelievable speed. Major recent advancements in the performance of JavaScript interpreters have almost eliminated the question of scalability and throughput for many organizations. So the point is that JavaScript is a really important and powerful language today, and its usage is growing every day. From client-side code in web applications it grew to the server side through Node.JS, and it is now supported as a proper language for writing applications on major mobile operating system platforms like Windows 8 apps and the upcoming Firefox OS apps. But the problem is that many developers practice insecure coding, which leads to many client-side attacks, of which DOM XSS is the most infamous. We tried to understand the root cause of this problem and figured out that there are not enough practically usable tools that can solve real-world problems. Hence, as our first attempt towards solving this problem, we want to talk about JSPrime: a JavaScript static analysis tool for the rest of us. It's a very lightweight and very easy to use point-and-click tool! The static analysis tool is based on the very popular Esprima ECMAScript parser by Ariya Hidayat.