
nosurf - CSRF protection middleware for Go.

  •    Go

nosurf is an HTTP package for Go that helps you prevent Cross-Site Request Forgery attacks. It acts like a middleware and therefore is compatible with basically any Go HTTP application. Even though CSRF is a prominent vulnerability, Go's web-related package infrastructure mostly consists of micro-frameworks that neither implement CSRF checks, nor should they.

hacker101 - Hacker101

  •    Ruby

Hacker101 is a free class for web security. Whether you're a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you. Hacker101 is structured as a set of video lessons -- some covering multiple topics, some covering a single one -- and can be consumed in two different ways. You can either watch them in the order produced as in a normal class (§ Sessions), or you can watch individual videos (§ Vulnerabilities). If you're new to security, we recommend the former; this provides a guided path through the content and covers more than just individual bugs.

csurf - CSRF token middleware

  •    Javascript

Node.js CSRF protection middleware. Requires either a session middleware or cookie-parser to be initialized first.

xssor2 - XSS'OR - Hack with JavaScript.

  •    Javascript

XSS'OR - Hack with JavaScript. It contains three major modules: Encode/Decode, Codz, Probe.

akka-http-session - Web & mobile client-side akka-http sessions, with optional JWT support

  •    Java

akka-http is an Akka module, originating from spray.io, for building reactive REST services with an elegant DSL. akka-http is a great toolkit for building backends for single-page or mobile applications. In almost all apps there is a need to maintain user sessions and to make sure that session data is secure and cannot be tampered with.

BlackWidow - A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website

  •    Python

BlackWidow is a Python-based web application spider to gather subdomains, URLs, dynamic parameters, email addresses and phone numbers from a target website. This project also includes the Inject-X fuzzer to scan dynamic URLs for common OWASP vulnerabilities. This software is released under the GNU General Public License v3.0. See LICENSE.md for details.

NeatHtml

  •    ASPNET

NeatHtml™ is a highly-portable open source website component that displays untrusted content securely, efficiently, and accessibly. Untrusted content is any content that is not trusted by the website owner (e.g. blog comments, forum posts, or user pages on social networks).

fusker - Fusker is a static HTTP server that provides optional security features for HTTP/Socket.io

  •    CoffeeScript

You think you're one raw dog? fusker.nodester.com Come at me bro. Please see this for a working express example. It's as easy as app.use(fusker.express.check); Detectives/payloads are the same as they would be for the fusker HTTP server. Make sure fusker is the first piece of middleware added.

csrf-lite - CSRF protection utility for framework-free node sites.

  •    Javascript

CSRF protection utility for framework-free node sites. If a token is supplied, it returns that token. If not, it generates a 192-bit random string and returns that instead.

crumb - CSRF crumb generation and validation for hapi

  •    Javascript

Crumb is used to diminish CSRF attacks using a random unique token that is validated on the server side. Crumb may be used whenever you want to prevent malicious code from executing system commands that are performed by HTTP requests. For example, if users are able to publish code on your website, malicious code added by a user could force every other user who opens the page to load and execute code from a third-party website, e.g. via an HTML image tag. With Crumb implemented in your hapi.js application, you are able to verify requests with unique tokens and prevent the execution of malicious requests.

Formidable - The PHP pragmatic forms library

  •    PHP

Formidable is a PHP library to handle forms. It parses an HTML form and allows you to manipulate it from your PHP code, and then render it.

connect-csrf-lite - CSRF validation middleware for Connect/Express

  •    Javascript

Basic CSRF validation middleware for Connect using csrf-lite. The implementation of CSRF token session storage and retrieval is left entirely up to you. The middleware takes the token set at req.csrfToken (configurable with the tokenKey option) and validates it against x-csrf-token present in the body (configurable with the dataKey option) for all requests that mutate state.

CSRF - ring-csrf example

  •    Clojure

Modified for http://stackoverflow.com/questions/30172569/clojure-anti-forgery-csrf-token-invalid-with-latest-version-ring-compojure to demonstrate failure with latest libraries. With the latest versions of the compojure (>= 1.2.0) and ring libraries, I get "Invalid..." even with a valid token.

DunglasAngularCsrfBundle - Automatic CSRF protection for JavaScript apps using a Symfony API

  •    PHP

This API Platform and Symfony bundle provides automatic Cross Site Request Forgery (CSRF or XSRF) protection for client-side applications. Despite the name, it works with any client-side technology including Angular, React, Vue.js and jQuery. Actually, any JavaScript code issuing XMLHttpRequest or using the Fetch API can leverage this bundle.

csrf-crypto - Connect middleware for session-less CSRF protection using cryptography

  •    Javascript

csrf-crypto implements CSRF protection without using a server-side session, just like ASP.Net's AntiForgery class. As such, it can be used in web farm scenarios without requiring that each user stick to one machine or that the machines can communicate with each other. It still prevents attackers from generating valid form tokens even if they can read the victim's cookies.

csrf-login - Login from command line to the websites that use CSRF protection

  •    Javascript

CSRF tokens are a good security practice. A login form page contains a hidden input field that is sent together with the username / password pair. The server checks that the submitted data contains a valid CSRF field before trying to authenticate the user. csrf-login allows you to log in from the command line to websites that use CSRF token protection.

Aura.Session - Tools for managing sessions, including session segments and read-once messages

  •    PHP

Provides session management functionality, including lazy session starting, session segments, next-request-only ("flash") values, and CSRF tools. This library requires PHP 5.3 or later; we recommend using the latest available version of PHP as a matter of principle. It has no userland dependencies.

security-csrf - The Security CSRF (cross-site request forgery) component provides a class CsrfTokenManager for generating and validating CSRF tokens

  •    PHP

The Security CSRF (cross-site request forgery) component provides a class CsrfTokenManager for generating and validating CSRF tokens.

authcode - Awesome auth library for Flask and Bottle web apps

  •    Python

Awesome authentication code for Flask and Bottle web apps. Authcode is a clean solution for both authentication and authorization of Python web applications. Briefly, authentication verifies a user is who they claim to be, and authorization determines what an authenticated user is allowed to do.