MozDef - MozDef: The Mozilla Defense Platform

  •    Javascript

The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system. The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.

awesome-ctf - A curated list of CTF frameworks, libraries, resources and softwares

  •    Javascript

A curated list of Capture The Flag (CTF) frameworks, libraries, resources, software and tutorials. This list aims to help starters as well as seasoned CTF players to find everything related to CTFs in one place. Please take a quick look at the contribution guidelines first.

xss-filters - Secure XSS Filters

  •    Javascript

In this example, the traditional wisdom of blindly escaping some special HTML entity characters (& < > ' " `) would not stop XSS (e.g., when url is equal to javascript:alert(1) or onclick=alert(1)). Figure 1. "Just sufficient" encoding based on the HTML5 spec.

nsp - node security platform command-line tool

  •    Javascript

The results of the check command may be altered based on either a filter or threshold. Please note that in case of naming conflicts built-in reporters (as listed above) take precedence. For instance, nsp-reporter-json would never be used since nsp ships with a json formatter.

OpenZeppelin - A Framework to build secure smart contracts on Ethereum

  •    Javascript

OpenZeppelin is a library for writing secure Smart Contracts on Ethereum. With OpenZeppelin, you can build distributed applications, protocols and organizations. It is meant to provide secure, tested and audited code to enable the new generation of distributed applications, protocols and organizations. OpenZeppelin is a community effort to reduce the hurdle to develop and use them.

snyk - CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies

  •    Javascript

Snyk helps you find, fix and monitor for known vulnerabilities in Node.js npm, Ruby and Java dependencies, both on an ad hoc basis and as part of your CI (Build) system. For more detail on how to authenticate take a look at the CLI authentication section of the Snyk documentation.

express-gateway - A microservices API Gateway built on top of ExpressJS

  •    Javascript

Express Gateway is an API Gateway that sits at the heart of any microservices architecture, regardless of what language or platform you're using. Express Gateway secures your microservices and exposes them through APIs using Node.js, ExpressJS and Express middleware. Developing microservices, orchestrating and managing them can now be done insanely fast, all on one seamless platform, without having to introduce additional infrastructure. Express Gateway is commercially supported by LunchBadger. For more information about support plans please contact info@express-gateway.io.

user.js - user.js -- Firefox configuration hardening

  •    Javascript

A user.js configuration file for Mozilla Firefox designed to harden browser settings and make it more secure. Do note that these settings alter your browser behaviour quite a bit, so it is recommended to either create a completely new profile for Firefox or backup your existing profile directory before putting the user.js file in place.

retire.js - scanner detecting the use of JavaScript libraries with known vulnerabilities

  •    Javascript

There is a plethora of JavaScript libraries for use on the Web and in Node.JS apps out there. This greatly simplifies development, but we need to stay up-to-date on security fixes. "Using Components with Known Vulnerabilities" is now a part of the OWASP Top 10 list of security risks, and insecure libraries can pose a huge risk to your Web app. The goal of Retire.js is to help you detect the use of JS-library versions with known vulnerabilities. A Grunt task is available for running Retire.js as part of your application's build routine, or some other automated workflow.

learn-json-web-tokens - :closed_lock_with_key: Learn how to use JSON Web Token (JWT) to secure your next Web App! (Tutorial/Example with Tests!!)

  •    Javascript

JSON Web Tokens (JWTs) make it easy to send read-only signed "claims" between services (both internal and external to your app/site). Claims are any bits of data that you want someone else to be able to read and/or verify but not alter. To identify/authenticate people in your (web/mobile) app, put a standards-based token in the header or url of the page (or API endpoint) which proves the user has logged in and is allowed to access the desired content.

vm2 - Advanced vm/sandbox for Node.js

  •    Javascript

IMPORTANT: Requires Node.js 6 or newer. VM is a simple sandbox, without the require feature, for running untrusted code synchronously. Only JavaScript built-in objects + Buffer are available. Scheduling functions (setInterval, setTimeout and setImmediate) are not available by default.

juice-shop - OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws

  •    Javascript

OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of OWASP Top Ten and other severe security flaws. Each packaged distribution includes some binaries for SQLite bound to the OS and node.js version which npm install was executed on.

openzeppelin-solidity - OpenZeppelin is a library for secure smart contract development

  •    Javascript

OpenZeppelin is a library for secure smart contract development. It provides implementations of standards like ERC20 and ERC721 which you can deploy as-is or extend to suit your needs, as well as Solidity components to build custom contracts and more complex decentralized systems. To write your custom contracts, import ours and extend them through inheritance.

sleepy-puppy - Sleepy Puppy XSS Payload Management Framework

  •    Javascript

So many amazing tools have come out since the release of Sleepy Puppy that streamline the original goals of the project. We're currently leaving Sleepy Puppy code online but are not planning on adding any new features or addressing issues/pull requests. If you are interested in maintaining this project, please reach out to me (sbehrens@netflix.com). Sleepy Puppy is a cross-site scripting (XSS) payload management framework which simplifies the ability to capture, manage, and track XSS propagation over long periods of time.

postmate - 📭 A powerful, simple, promise-based postMessage library.

  •    Javascript

A powerful, simple, promise-based postMessage iFrame communication library. Postmate is a promise-based API built on postMessage. It allows a parent page to speak with a child iFrame across origins with minimal effort.

buttercup-desktop - :key: Javascript Secrets Vault - Multi-Platform Desktop Application

  •    Javascript

Cross-platform, free and open-source password manager based on NodeJS. Buttercup is a password manager - an assistant for helping you store all of your login credentials. Buttercup helps you keep your accounts safe and assists you when you want to log in - all you need to do is remember just one password: your master password.

DOMPurify - DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG

  •    Javascript

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else using Blink or WebKit). DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not.

H5SC - HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors

  •    Javascript

Pull requests welcome, we store the files in the /attachments sub-folder.