Web Security

73 projects

Showing 36 of 73 projects

A commercial remote browser isolation (RBI) platform that streams a full modern browser to any client with low latency and 60 FPS.

#zero-trust#containerization#enterprise-security

Stars3.8k

Forks403

Last commit2 days ago

bluemondayGo

A fast, configurable HTML sanitizer for Go that scrubs user-generated content of XSS attacks using an allowlist policy.

#sanitization#owasp#web-security

Stars3.7k

Forks193

Last commit1 year ago

recaptchaPHP

A PHP client library for Google's reCAPTCHA service to verify user responses and protect websites from spam.

#web-security#recaptcha#google-recaptcha

Stars3.6k

Forks778

Last commit14 days ago

HTML PurifierPHP

A standards-compliant HTML filtering library for PHP that removes malicious code while preserving safe markup.

#web-security#php-library#html-sanitization

Stars3.4k

Forks354

Last commit6 months ago

CSS-KeyloggingCSS

Chrome extension and Express server demonstrating a CSS-based keylogging attack on password inputs.

#express-server#web-security#keylogging

Stars3.2k

Forks430

Last commit8 years ago

Secure HeadersRuby

A Ruby gem for automatically applying security headers with safe defaults to protect web applications from common vulnerabilities.

#csp#web-security#rails-middleware

Stars3.2k

Forks250

Last commit4 days ago

itsdangerousPython

Cryptographically sign and verify data to safely pass it between trusted and untrusted environments.

#web-security#token-authentication#data-signing

Stars3.1k

Forks236

Last commit10 months ago

Bad SSLHTML

A collection of test subdomains with intentionally broken SSL configurations for testing client security behavior.

#certificate-validation#ssl-testing#web-security

Stars3.0k

Forks202

Last commit7 days ago

OpenRASPC++

Open source Runtime Application Self-Protection (RASP) solution that integrates security directly into application servers via instrumentation.

#php-security#waf#web-security

Stars3.0k

Forks621

Last commit6 months ago

H5SCJavaScript

A comprehensive collection of HTML5-related XSS attack vectors and testing resources for web security professionals.

#web-security#xss#vulnerability-database

Stars2.9k

Forks417

Last commit4 years ago

CORSGo

A configurable Go net/http handler for handling Cross-Origin Resource Sharing (CORS) requests.

#http-handler#net-http#web-security

Stars2.9k

Forks230

Last commit3 months ago

uncaptchaPython

A proof-of-concept system that defeats Google's audio reCaptcha with 85% accuracy using speech recognition and browser automation.

#web-security#selenium#captcha-bypass

Stars2.8k

Forks328

Last commit8 years ago

AstraPython

An automated security testing framework for REST APIs that detects vulnerabilities like SQL injection, XSS, and CSRF.

#owasp#web-security#sdlc

Stars2.6k

Forks412

Last commit1 year ago

scsGo

A lightweight, efficient, and secure HTTP session management library for Go applications.

#web-security#authentication#server-side-sessions

Stars2.5k

Forks192

Last commit5 months ago

pac4jJava

A comprehensive security framework for Java applications, supporting authentication, authorization, and integration with multiple protocols and frameworks.

#spring-mvc#oauth#web-security

A Python tool to dump a git repository from a website, even when directory listing is disabled.

#web-security#source-code-extraction#repository-recovery

Stars2.5k

Forks296

Last commit1 month ago

wardenRuby

A general Rack authentication framework for Ruby web applications providing flexible authentication strategies.

#web-security#rack-middleware#custom-strategies

Stars2.5k

Forks205

Last commit7 months ago

base64CaptchaGo

A flexible Go package for generating and verifying captchas as base64-encoded image or audio strings.

#bot-protection#web-security#unicode

Stars2.4k

Forks309

Last commit6 months ago

secureGo

A Go HTTP middleware that provides essential security headers and protections for web applications.

#https-enforcement#http-middleware#web-security

Stars2.3k

Forks146

Last commit1 year ago

xssor2JavaScript

A web-based toolkit for XSS (Cross-Site Scripting) testing, encoding/decoding, and payload generation.

#pentest#pentest-tool#web-security

Stars2.2k

Forks380

Last commit4 years ago

altchaTypeScript

A self-hosted, privacy-first CAPTCHA alternative using proof-of-work to protect websites and APIs from spam without tracking.

#privacy-first#proof-of-work#web-security

Stars2.2k

Forks104

Last commit5 days ago

HTTPLeaksHTML

A comprehensive HTML file enumerating all possible ways a website can leak HTTP requests for security testing.

#web-security#http-leaks#html-security

Stars2.1k

Forks209

Last commit3 months ago

snallygasterPython

A Python tool that scans HTTP servers for publicly accessible secret files and security vulnerabilities like git repos and backup files.

#python-tool#http-server#web-security

Stars2.1k

Forks228

Last commit2 months ago

acmetoolGo

A command-line tool for automatic acquisition and renewal of TLS certificates from ACME servers like Let's Encrypt.

#devops#acme-server#web-security

Stars2.1k

Forks128

Last commit2 years ago

captchaGo

A Go package for generating and verifying image and audio CAPTCHAs with built-in storage and HTTP server support.

#bot-protection#http-handler#web-security

Stars2.0k

Forks303

Last commit1 year ago

OWASP NodeGoatHTML

A vulnerable Node.js web application designed to teach how to identify and fix OWASP Top 10 security vulnerabilities.

#security-training#vulnerable-app#owasp-top-10

Stars2.0k

Forks2.4k

Last commit1 year ago

is-website-vulnerableJavaScript

Scans websites for publicly known security vulnerabilities in frontend JavaScript libraries using the Snyk database.

#hacktoberfest#snyk-integration#frontend-security

A Ruby gem providing helper methods for integrating Google reCAPTCHA and hCaptcha into web applications.

#rails#web-security#rack

Stars2.0k

Forks438

Last commit15 days ago

PurifierPHP

A Laravel service provider for HTMLPurifier, enabling secure HTML filtering and XSS prevention.

#web-security#laravel#htmlpurifier

Stars2.0k

Forks241

Last commit9 days ago

svg-captchaJavaScript

Generate SVG-based CAPTCHAs in Node.js without C++ addons, offering lightweight and customizable spam protection.

#web-security#authentication#opentype-js

Stars1.9k

Forks180

Last commit2 years ago

TIDoS FrameworkPython

A comprehensive offensive web application penetration testing framework with 108 modules covering reconnaissance to vulnerability analysis.

#web-penetration-testing#web-security#vulnerability-analysis

Stars1.9k

Forks395

Last commit

TIDoS-FrameworkPython

A comprehensive offensive web application penetration testing framework with 108 modules covering reconnaissance to vulnerability analysis.

#web-penetration-testing#web-security#vulnerability-analysis

Stars1.9k

Forks395

Last commit

Zen Rails Security ChecklistRuby

A community-driven checklist of security precautions for Ruby on Rails applications to minimize vulnerabilities.

#secure-coding#rails#owasp

Stars1.8k

Forks144

Last commit6 years ago

CGregwar/CaptchaPHP

A PHP library for generating and validating CAPTCHA images to protect forms from bots.

#bots#web-security#anti-bot

Stars1.8k

Forks304

Last commit5 months ago

domatoPython

A grammar-based DOM fuzzer that generates HTML, CSS, and JavaScript test cases to find security vulnerabilities in web browsers.

#grammar-based-fuzzing#vulnerability-discovery#web-security

Stars1.8k

Forks284

Last commit1 year ago

nosurfGo

A CSRF protection middleware for Go that prevents Cross-Site Request Forgery attacks in any HTTP application.

#http-handler#web-security#breach-mitigation

Stars1.7k

Forks128

Last commit11 months ago

PreviousPage 2 of 3

Related Tags

Community-curated · Updated weekly · 100% open source

Found a gem we're missing?

Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.

Submit a project Star on GitHub