Displaying 1 to 20 from 85 results

oauth2-server - A spec compliant, secure by default PHP OAuth 2.0 Server

  •    PHP

league/oauth2-server is a standards compliant implementation of an OAuth 2.0 authorization server written in PHP which makes working with OAuth 2.0 trivial. You can easily configure an OAuth 2.0 server to protect your API with access tokens, or allow clients to request new access tokens and refresh them.This library was created by Alex Bilbie. Find him on Twitter at @alexbilbie.

labs - This is a collection of tutorials for learning how to use Docker with various tools

  •    PHP

This repo contains Docker labs and tutorials authored both by Docker, and by members of the community. We welcome contributions and want to grow the repo.

captcha - Captcha for Laravel 5

  •    PHP

A simple Laravel 5 service provider for including the Captcha for Laravel 5. The Captcha Service Provider can be installed via Composer by requiring the mews/captcha package and setting the minimum-stability to dev (required for Laravel 5) in your project's composer.json.




awesome-appsec - A curated list of resources for learning about application security

  •    PHP

A curated list of resources for learning about application security. Contains books, websites, blog posts, and self-assessment quizzes. Maintained by Paragon Initiative Enterprises with contributions from the application security and developer communities. We also have other community projects which might be useful for tomorrow's application security experts.

bouncer - Eloquent roles and abilities.

  •    PHP

Bouncer is an elegant, framework-agnostic approach to managing roles and abilities for any app using Eloquent models. Bouncer is an elegant, framework-agnostic approach to managing roles and abilities for any app using Eloquent models. With an expressive and fluent syntax, it stays out of your way as much as possible: use it when you want, ignore it when you don't.

DVWA - Damn Vulnerable Web Application (DVWA)

  •    PHP

Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students & teachers to learn about web application security in a controlled class room environment. The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficulty, with a simple straightforward interface. Please note, there are both documented and undocumented vulnerabilities with this software. This is intentional. You are encouraged to try and discover as many issues as possible.

iniscan - A php.ini scanner for best security practices

  •    PHP

The Iniscan is a tool designed to scan the given php.ini file for common security practices and report back results. Currently it is only for use on the command line and reports the results back to the display for both Pass and Fail on each test. The only current dependency is the Symfony console.


MISP - MISP (core software) - Open Source Threat Intelligence Platform (formely known as Malware Information Sharing Platform)

  •    PHP

MISP, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reverser to support their day-to-day operations to share structured informations efficiently. The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionalities to support the exchange of information but also the consumption of the information by Network Intrusion Detection System (NIDS), LIDS but also log analysis tools, SIEMs.

PrivateBin - A minimalist, open source online pastebin where the server has zero knowledge of pasted data

  •    PHP

PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted and decrypted in the browser using 256bit AES in Galois Counter mode.

pfSense - Firewall and Routing platform

  •    PHP

pfSense is a powerful, flexible firewalling and routing platform. It includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. pfSense is a stateful firewall, by default all rules are stateful. A Dynamic DNS client is included to allow you to register your public IP with a number of dynamic DNS service providers.

Passbolt - Password manager for the team

  •    PHP

Passbolt is an open source password manager for teams. It allows you to securely share and store credentials. For instance, the wifi password of your office, the administrator password of a router or your organisation's social media account passwords, all of them can be secured using passbolt.

FiercePhish - FiercePhish is a full-fledged phishing framework to manage all phishing engagements

  •    PHP

FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more. The features will continue to be expanded and will include website spoofing, click tracking, and extensive notification options. This project is my own and is not a representation of my employer's views. It is my own side project and released by me alone.

pcc - PHP Secure Configuration Checker

  •    PHP

Check current PHP configuration for potential security flaws. Simply access this file from your webserver or run on CLI.

laravel-url-signer - Create and validate signed URLs with a limited lifetime

  •    PHP

This package can create URLs with a limited lifetime. This is done by adding an expiration date and a signature to the URL. The URL can be validated with the validate-function.

Sentinel - A framework agnostic authentication & authorization system.

  •    PHP

Sentinel is a PHP 5.4+ fully-featured authentication & authorization system. It also provides additional features such as user roles and additional security features. Sentinel is a framework agnostic set of interfaces with default implementations, though you can substitute any implementations you see fit.

m0n0wall - Embedded Firewall

  •    PHP

m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes. The entire system configuration is stored in one single XML text file to keep things transparent. It features include NAT/PAT, IPv6 support, SNMP agent, caching DNS forwarder, VPN tunnels and lot more.

Suhosin - Protection System for PHP Installations

  •    PHP

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. It comes in two independent parts, that can be used separately or in combination.

HTML Purifier - Standards compliant HTML filter written in PHP

  •    PHP

HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and agressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant.