Web Security

boltClojure

An integrated security system for Clojure applications built on Stuart Sierra's component library.

doormanElixir

An Elixir authentication library for Plug and Phoenix applications that provides a simple API with flexible underlying modules.

ng-otp-inputTypeScript

A fully customizable, one-time password input component for Angular applications.

PasswordJavaScript

Deterministic password generator using PBKDF2 with domain-specific salts for secure, memorable passwords.

Basic AuthJavaScript

Add HTTP Basic Authentication to static pages using Cloudflare Workers.

recaptchaElixir

A simple Elixir library for integrating Google reCAPTCHA v2 into applications.

WitcherC

A framework for using AFL to fuzz web applications and detect SQL/command injection vulnerabilities.

pwngitmanagerPython

A penetration testing tool for selectively downloading files from exposed .git repositories on web servers.

OktaC#

Okta ASP.NET middleware enables OAuth 2.0/OIDC authentication and authorization for ASP.NET and ASP.NET Core applications.

XFFGo

A Go middleware for parsing X-Forwarded-For and Forwarded headers to correctly identify client IP addresses behind proxies.

X-Frame-Options: All about Clickjacking?

A repository containing Cure53's security audit reports, white papers, academic publications, and security tools.

securecookieGo

A Go package for encoding and decoding secure cookies with encryption and authentication, offering high performance and zero heap allocations.

VWGenPython

A tool that generates vulnerable web applications for security testing and education, supporting multiple attack modules.

sessionsGo

A dead simple, highly performant, highly customizable sessions middleware for Go HTTP servers.

http-protectionCrystal

A Crystal HTTP middleware library that protects web applications against common attacks like XSS, clickjacking, and DoS.

rack-secure-uploadRuby

A Rack middleware that scans uploaded files for viruses using antivirus software like Avast or F-Secure.

xssJavaScript

An ESLint plugin that detects potential XSS vulnerabilities in JavaScript code before deployment.

phpmyadmin_honeypotPHP

A simple and effective honeypot that mimics phpMyAdmin to detect and log unauthorized access attempts.

EnsnareRuby

A Ruby on Rails gem plugin for deploying a malicious behavior detection and response honeypot in under ten minutes.

YALIH (Yet Another Low Interaction Honeyclient)Python

A low-interaction client honeypot that detects malicious websites using signature, anomaly, and pattern matching techniques.

plug_authElixir

A collection of Elixir plugs for HTTP Basic and Token authentication with role-based access control.

jwtvaultRust

A highly flexible Rust library for managing and orchestrating JWT workflows, including login, logout, and token renewal.

kemal-sessionCrystal

A session management library for Kemal web applications in Crystal, supporting multiple storage engines and built-in CSRF protection.

modpotHTML

A modular web application honeypot framework written in Go and Gin for detecting web attacks through deceptive applications.

ng-hcaptchaTypeScript

An Angular component library for integrating hCaptcha verification into web applications.