SecureCookieHttpModule

  •        51

Secure your session cookie (and other session-based) cookies for replay attacks using this easy to use ASP.NET HttpModule.

http://securecookiehttpmodu.codeplex.com/

Tags
Implementation
License
Platform

   




Related Projects

Sholo.Web.Security

  •    ASPNET

Sholo.Web.Security contains several tools to improve the security of ASP.NET applications. Make FormsAuthentication stateful, strengthen FormsAuthTicket validation, detect & prevent Padding Oracle exploit, kick/ban users & IP's, detect multiple logins from different IP's, etc.

evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

  •    Go

evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection. This tool is a successor to Evilginx, released in 2017, which used a custom version of nginx HTTP server to provide man-in-the-middle functionality to act as a proxy between a browser and phished website. Present version is fully written in GO as a standalone application, which implements its own HTTP and DNS server, making it extremely easy to set up and use.

yosai - A Security Framework for Python applications featuring Authorization (rbac permissions and roles), Authentication (2fa totp), Session Management and an extensive Audit Trail

  •    Python

Yosai is a "security framework" that features authentication, authorization, and session management from a common, intuitive API. Yosai is based on Apache Shiro, written in Java and widely used today.

Themis - Crypto library for storage and messaging for ObjC, Android, C++, JS, Python, Ruby and PHP

  •    C

Themis is open-source high-level cryptographic services library for mobile and server platforms, providing secure messaging and secure data storage. Themis provides three important cryptographic services Secure messaging, Secure session and Secure storage.

Apache Shiro - Java Security Framework

  •    Java

Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any JVM-based application – from the smallest mobile applications to the largest web and enterprise applications.


Form State Keeper

  •    

Form State Keeper is a HttpModule that will keep the state of a web form, even if the the forms authentication times out and the user has to login again after clicking the submit button. Works with WebForms, Ajax and ASP.NET MVC.

mod_auth_cache

  •    C

quot;mod_auth_cachequot; is an authentication caching module for Apache webservers, which uses session cookies to transparently cache a users authentication, which was initially done by a different module. Another aim is to allow single-signon in a domain.

SessionManager

  •    Perl

An Apache / mod perl Session manager that will transparently supply a session ID from the client request. Creating one if neccessary useing cookies or munged URI's if cookies are off. It does not store session info - Use the excellent Apache::Session

Libcurve - An encryption and authentication library for ZeroMQ applications

  •    C

Curve implements the CurveZMQ elliptic curve security mechanism, for use in ZeroMQ applications. This library is primarily a reference implementation for the CurveZMQ specification but may also be used for end-to-end security. CurveZMQ creates encrypted sessions ("connections") between two peers using short term keys that it securely exchanges using long term keys. When the session is over, both sides discard their short term keys, rendering the encrypted data unreadable, even if the long term keys are captured. It is not designed for long term encryption of data.

Custom Basic Authentication for IIS

  •    ASPNET

HTTP Module to allow HTTP Basic Authentication against non-Windows accounts in IIS

cookie-session - Simple cookie-based session middleware

  •    Javascript

Simple cookie-based session middleware. A user session can be stored in two main ways with cookies: on the server or on the client. This module stores the session data on the client within a cookie, while a module like express-session stores only a session identifier on the client within a cookie and stores the session data on the server, typically in a database.

cookie - Cookie authentication plugin

  •    Javascript

Cookie authentication provides simple cookie-based session management. The user has to be authenticated via other means, typically a web form, and upon successful authentication the browser receives a reply with a session cookie. The cookie uses Iron to encrypt and sign the session content. Subsequent requests containing the session cookie are authenticated and validated via the provided validateFunc in case the cookie's encrypted content requires validation on each request.

Parichay

  •    

Parichay is a Small and Simple Asp.Net Social Network. Asp.Net MVC has been used as web application framework. NHibernate has been used as data persistence framework. For security Asp.net role based security has been used with additional security httpmodule.

SharePoint 2010 Security On View

  •    

This project uses a simple HttpModule in SharePoint 2010 to provide a mechanism by which administrators can set security on particular views in any list.

Forms based authentication for SharePoint2010

  •    

Forms based authentication Management features for SharePoint 2010. <a href="http://www.softwarediscipline.com/post/2011/01/03/Forms-based-authentication-feature-SharePoint-2010.aspx" alt="SharePoint 2010 FBA management feature">SharePoint 2010 FBA feature</a>

Simple Forms Authentication in MVC 4

  •    

Simple Forms Authentication - Read more here http://aroosh.in/2013/03/17/forms-authentication-basics/

Forms Based Authentication Management - SharePoint2007FBA

  •    

This is my own update to Stacy Draper's FBABasic project for Forms Based Authentication in MOSS 2007. In additon to managing your fba user's roles, my project adds the ability to manage their SharePoint groups (upon account creation and through the editing UI).

flask-sockets - Elegant WebSockets for your Flask apps.

  •    Python

Elegant WebSockets for your Flask apps. Combining WebSockets with Ajax (XHR) endpoints also comes handy with the support of session handling built-in to sockets as well. As an example you could use an Ajax login call which would create a new session and accordingly set a secure HttpOnly cookie to the browser. After authorization, you can connect to the WebSocket endpoint and reuse the session handling from Flask there as well (as shown here: https://pythonhosted.org/Flask-Session/). Access to other custom cookies is also possible via Flasks request.cookies property.

Search Guard - Elasticsearch plugin that offers encryption, authentication, and authorisation

  •    Java

Search Guard is an Elasticsearch plugin that offers encryption, authentication, and authorization. It builds on Search Guard SSL and provides pluggable authentication and authorization modules in addition. Search Guard is fully compatible with Kibana, Logstash and Beats.

ASP LaunchPaD

  •    ASP

A Perfect solution to launch your website on, global authentication system, protect any no. of pages, integerated classes for sessions, password recovery, querying DB, etc. Elegant forms amp; error display, uses session time techniques to control timeouts.