autocsp - Tool to generate valid Content Security Policy headers, integrity hashes and inline hashes for your current webpage


AutoCSP is not just another tool to generate a valid Content Security Policy header for your current webpage. It is also a didactic tool for understanding all the available ways to increase the security of your web page. Go to your webpage, open the browser inspector and include the minified version of this library in your DOM manually.

https://github.com/fcsonline/autocsp

Dependencies:

crypto-js : 3.1.6
underscore : 1.8.3
webpack : 1.12.13
zepto-browserify : 1.0.0





Related Projects

csp-builder - Build Content-Security-Policy headers from a JSON file (or build them programmatically)

  •    PHP

Easily integrate Content-Security-Policy headers into your web application, either from a JSON configuration file, or programmatically. CSP Builder was created by Paragon Initiative Enterprises as part of our effort to encourage better application security practices.

secureheaders - Manages application of security headers with many safe defaults

  •    Ruby

master represents the unreleased 4.x line. See the upgrading to 4.x doc for instructions on how to upgrade. Bug fixes should go in the 3.x branch for now. The 3.x branch is moving into maintenance mode. See the upgrading to 3.x doc for instructions on how to upgrade including the differences and benefits of using the 3.x branch.

secure_headers - Manages application of security headers with many safe defaults

  •    Ruby

master represents 6.x line. See the upgrading to 4.x doc, upgrading to 5.x doc, or upgrading to 6.x doc for instructions on how to upgrade. Bug fixes should go in the 5.x branch for now. The 3.x branch is moving into maintenance mode. See the upgrading to 3.x doc for instructions on how to upgrade including the differences and benefits of using the 3.x branch.

scap-security-guide - Baseline compliance content in SCAP formats

  •    Python

The purpose of this project is to create security policy content for various platforms -- Red Hat Enterprise Linux, Fedora, Ubuntu, Debian, and others. Our aim is to make it as easy as possible to write new and maintain existing security content in all the commonly used formats. "SCAP content" refers to documents in the XCCDF, OVAL and Source DataStream formats. These documents can be presented in different forms and by different organizations to meet their security automation and technical implementation needs. For general use we recommend Source DataStreams because they contain all the data you need to evaluate and put machines into compliance. The datastreams are part of our release ZIP archives.


Plone

  •    Python

Plone lets non-technical people create and maintain information using only a web browser. Perfect for web sites or intranets, Plone offers superior security without sacrificing extensibility or ease of use.

Wazuh - Host and endpoint security

  •    C

Wazuh helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level. This solution, based on lightweight multi-platform agents, provides the capabilities like Log management and analysis, File integrity monitoring, Intrusion and anomaly detection, Policy and compliance monitoring.

JMDCMS Content Management System

  •    DotNet

JMDCMS is a powerful module-based Content Management System, written in ASP.NET and C# with SQL Server as the database. Flexible automatic 3Col, 2Col, 1Col layout. Page Level / Module Level security and publishing control. Search engine friendly URL with ability to Set Page Title...

security_monkey - Security Monkey

  •    Python

Security Monkey monitors your AWS and GCP accounts for policy changes and alerts on insecure configurations. It provides a single UI to browse and search through all of your accounts, regions, and cloud services. The monkey remembers previous states and can show you exactly what changed, and when. Security Monkey can be extended with custom account types, custom watchers, custom auditors, and custom alerters.

trigger - Trigger is a robust network automation toolkit written in Python that was designed for interfacing with network devices

  •    Python

Trigger is a robust network automation toolkit written in Python that was designed for interfacing with network devices and managing network configuration and security policy. It increases the speed and efficiency of managing large-scale networks while reducing the risk of human error. Started by the AOL Network Security team in 2006, Trigger was originally designed for security policy management on firewalls, routers, and switches. It has since been expanded to be a full-featured network automation toolkit.

Demisto Platform - Content Repository

  •    Python

This repo contains content provided by Demisto to automate and orchestrate your Security Operations. Here we will share our ever-growing list of playbooks, automation scripts, report templates and other useful content. We security folks love to tinker, keep enhancing and sharpening our toolset and we decided to open up everything and make it a collaborative process for the entire security community. We want to create useful knowledge and build flexible, customizable tools, sharing them with each other as we go along.

Simple Security Policy Editor

  •    Perl

SSPE: Simple Security Policy Editor is a simple distributed firewall with a central ASCII administration. It uses two plain, manually edited ASCII files and some other, static files for each of the target machines to generate iptables.

felix - Project Calico's per-host agent Felix, responsible for programming routes and security policy

  •    Go

This repository contains the source code for Project Calico's per-host daemon, Felix. The best place to ask a question or get help from the community is the calico-users #slack. We also have an IRC channel.

light-4j - A fast, lightweight and more productive microservices framework

  •    Java

Light 4j is a fast, lightweight and cloud native microservices framework. Light means lightweight, lightning fast and shed light on how to program with modern Java SE. It is 44 times faster than the most popular microservices platform Spring Boot embedded Tomcat and uses only 1/5 of memory.

SmartTag


SmartTag is a utility for automatic content tagging in SharePoint 2010. It includes various options for tagging, like random tagging, auto tagging, and automatic term generation. It's really helpful when you are migrating contents and want to tag those based on the certain set of t...

hydra - OAuth2 server with OpenID Connect - cloud native, security-first, open source API security for your infrastructure

  •    Go

ORY Hydra is a hardened OAuth2 and OpenID Connect server optimized for low-latency, high throughput, and low resource consumption. ORY Hydra is not an identity provider (user sign up, user log in, password reset flow), but connects to your existing identity provider through a consent app. Implementing the consent app in a different language is easy, and exemplary consent apps (Go, Node) and SDKs (Go, Node) are provided. Besides mitigating various attack vectors, such as database compromisation and OAuth 2.0 weaknesses, ORY Hydra is able to securely manage JSON Web Keys, and has a sophisticated policy-based access control you can use if you want to. Click here to read more about security.

vuls - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go

  •    Go

For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. To avoid downtime in production environment, it is common for system administrator to choose not to use the automatic update option provided by package manager and to perform update manually. This leads to the following problems. Vuls is a tool created to solve the problems listed above. It has the following characteristics.

ProxyFilter


ProxyFilter is an application-level HTTP firewall project based on Apache and mod_perl. It can verify and filter URLs, request headers and content, response headers and content, etc...

Flexigrid - Lightweight but rich data grid with resizable columns and a scrolling data to match the headers, plus an ability to connect to an xml/json based data source using Ajax to load the content

  •    Javascript

Lightweight but rich data grid with re-sizable columns and a scrolling data to match the headers, plus an ability to connect to an XML or JSON data source using Ajax to load the content. Similar in concept to the Ext Grid, only it's pure jQuery love, which makes it lightweight and follows the jQuery mantra of running with the least amount of configuration.

TransMessaging


TransMessaging is a policy-based message encoding and invocation framework. It is extensible but concentrates on web service encoding and invocation. Technologies used include Java, SOAP, WS-Security and XML Security. Includes security context library.