Projects

Metasploit Framework

The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security ... [More] researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler. [Less]

PHPIDS

PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in ... [More] exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session. [Less]

owasp-esapi-java

OWASP ESAPI for Java: Strong, Simple Security Controls for Java Developers Don’t write your own security controls! Reinventing the wheel when it comes to developing security controls for every web application or web service leads to wasted time and massive security holes. The OWASP Enterprise ... [More] Security API (ESAPI) Toolkits help software developers guard against security‐related design and implementation flaws. For more information, please visit our Wiki. You can view the latest version of our Javadocs here. You can see the status of what we are working on for the next release here. Other language versions: PHP .NET Python Classic ASP Cold Fusion Haskell [Less]

Ronin

Ronin is a Ruby platform for exploit development and security research. Ronin allows for the rapid development and distribution of code, exploits or payloads over many common Source-Code-Management (SCM) systems.

phpSec

A PHP security library. * Session handler * XSS filter * CSRF protection * Password hashing * Encrypting data * Random data generator * Yubikey - one time tokens * One time passwords

CPHP

A WTFPL-licensed PHP framework for rapid and intuitive web application development.

owasp-esapi-php

OWASP ESAPI for PHP: Strong, Simple Security Controls for PHP Developers Don’t write your own security controls! Reinventing the wheel when it comes to developing security controls for every web application or web service leads to wasted time and massive security holes. The OWASP Enterprise ... [More] Security API (ESAPI) Toolkits help software developers guard against security‐related design and implementation flaws. You can find Subversion checkout information here. You can find current assignments here. You can find technical guidance for ongoing work here. Questions/Suggestions? Ask Mike. Other language versions: Java EE .NET Python Classic ASP Cold Fusion Haskell [Less]

secure-action-plugin

secure_action is a ruby on rails plugin which makes it easy to defend your site against assumed logged in attacks, also called CSRF(cross site request forgery) attacks. In an assumed logged in attack, a malicious site assumes the visitor is logged into a target site. The malicious site crafts a ... [More] URL to a destructive action on the target site (change email, delete account, etc) and opens the URL to that action in a hidden iframe. The browser then sends the user's cookies and actions may be performed on their behalf without them ever knowing. This technique may be used to steal accounts, or perform other malicious actions to sites which allow users to log in. This plugin prevents these attacks by signing forms and URLs for specified actions with the user's session_id. By signing with the session_id, your site can be sure that the user of the browser generated the form or URL submitted. Signatures are verified before secure actions are executed. To install, check out the code in your RAILS_ROOT/vendor/plugins/ directory and follow the instructions in the README. 0.1 version of the plugin requires Rails >= 1.2 svn checkout http://secure-action-plugin.googlecode.com/svn/trunk/ secure-action-plugin Author: Brian Ellin, brian at janrain.com Copyright: 2006, JanRain Inc. [Less]

sseq-lib

Mainly meant for private and semi-professional developers who need some help in securing small php applications against some of the top-10 attacks on web software. Security increase to avoid: XSS (Cross Site Scripting) SQL-Injection CSRF (Cross Site Request Forgery) Session-Fixation ... [More] Mail-Header-Injection File-Injection HTTP-Header-Manipulation Response-Splitting Informative error messages [Less]

owasp-esapi-dotnet

The purpose of the .NET ESAPI is to provide a simple interface that provides all the ordinary security functions a developer is likely to need in a clear, consistent, and easy to use way. The .NET ESAPI architecture is very simple, just a collection of classes that encapsulate the key security ... [More] operations most applications need. Please see the OWASP ESAPI page for more details: http://www.owasp.org/index.php/ESAPI API docs are available on my personal site: http://alexsmolen.com/dotnetesapidoc/index.html [Less]