A CSRF protection middleware for Go that prevents Cross-Site Request Forgery attacks in any HTTP application.
A .NET library for cleaning HTML fragments and documents to prevent XSS attacks using a robust HTML parser.
Open-source supply chain security scanner that automatically detects vulnerabilities like Log4Shell in dependencies and notifies via GitHub pull requests.
A curated list of awesome CAPTCHA libraries for generation and tools for cracking them.
An advanced Cross-Site Request Forgery (CSRF) audit and exploitation toolkit for security testing.
Security and authorization middleware for ASP.NET Core web applications.
A Go middleware library providing CSRF protection for web applications with support for HTML forms and JavaScript frameworks.
A modular vulnerability scanner that checks website security and automatically generates easy-to-read reports for organizations.
An extensible authentication and authorization library for Clojure Ring web applications and services.
A Python library for generating audio and image CAPTCHAs with custom voice and font support.
An OpenID Connect and FAPI 2 Relying Party module for Apache HTTPd, enabling standards-based authentication and authorization.
Context-sensitive output filters for preventing XSS attacks with minimal encoding.
A professional-grade web security scanner for penetration testing with intelligent, context-aware scanning and proof-based vulnerability detection.
An ergonomic Rust HTTP client with advanced TLS and HTTP/2 fingerprinting for browser emulation.
A small ASP.NET Core middleware package for adding and customizing security headers to protect websites.
A FastAPI extension providing user session management and authentication similar to Flask-Login.
A security middleware library for FastAPI providing IP control, rate limiting, penetration detection, and security headers.
A collection of nearly 40,000 JavaScript malware samples for security research and analysis.
A PHP library that sanitizes user input to prevent Cross-Site Scripting (XSS) attacks.
A curated database of Universal Cross-Site Scripting (UXSS) vulnerabilities and browser security research resources.
A Python library that escapes HTML/XML characters to safely include untrusted strings in markup.
A utility for bug hunters and organizations to identify Blind Cross-Site Scripting vulnerabilities via customizable payloads and notifications.
A PHP class for generating and validating CAPTCHA images and audio with extensive customization options.
A PHP package to add security-related HTTP response headers with Laravel integration.
Security libraries for ASP.NET applications that help implement HTTP security headers and other web security best practices.
A tool that creates a JavaScript shell payload for exploiting XSS vulnerabilities to execute code in a victim's browser.
An exhaustive security checklist for Node.js web services, focused on Express and Hapi frameworks.
A frontend JavaScript framework for developing DNS rebinding exploits against vulnerable LAN devices and IoT products.
Integrated Let's Encrypt certification for Elixir-powered sites without requiring external processes.
A framework for exploiting DNS rebinding vulnerabilities to bypass Same-Origin Policy and attack internal networks from browsers.
A pure-JavaScript high-level API wrapper for Emscripten-compiled libsodium cryptographic routines.
A web application honeypot sensor that clones websites to attract and analyze malicious attacks.
A CLI tool to export OWASP Juice Shop security challenges into CTFd, RootTheBox, or FBCTF compatible formats.
A lightweight pure JavaScript CAPTCHA generator for Node.js with no external dependencies.
A Laravel package that prevents spam using honeypot fields and form submission timing validation.
A secure, extensible authentication library for Phoenix and other Plug-based Elixir web applications.