| Projects on Google Code | Results 1 - 10 of 12 |
=Ferruh Mavituna's Freakin' Simple Fuzzer=
FSF is a plug-in based freakin' simple fuzzer for fuzzing ...
=Introduction=
PHP doesn't have any function or mechanism for CSRF vulnerabilities. Developers must implement their own functions to defend against this vulnerability. So, I have coded a small one-time-token library.
*Some features of secureToken* :
* Provides strong entropy for brute-force...
=Introduction=
The web.config file holds settings for its web application. This project analyzes a given web.config file for security vulnerabilities.
*Some outlines* :
* Has 30+ security checks
* Generates a detailed report with vulnerability descriptions, security configurations and r...
WIVET is a benchmarking project that aims to statistically analyze web link extractors. In general, web application vulnerability scanners fall into this category. These VAs, given one or more URLs, try to extract as many input vectors as they possibly can to increase the coverage of the attack surface.
...
crawler, benchmarking, webappsec, vulnerabilityscanner, linkextractor, javascript, webguvenligi, wgt, flash
SQLiBENCH is a benchmarking project of automatic SQL injectors related to dumping databases.
There are a bunch of great open source tools (takeover/dumpers/hybrid) for taking advantage of an SQL injection vulnerability, used by both web application security specialists and attackers. Techniques...
MSALParser (pronounced _\mi-säl\_) implements the necessary parsers and model objects to represent a ModSecurity Single Audit Log, hence the name MSAL. MSALParser is a PHP RPC endpoint that receives mlogc's calls, parses them into objects and eventually writes them to a persistent data store (db).
_mlogc is...
As part of a defense-in-depth strategy, applications and/or services should run with privileges as restricted as possible. By running applications and/or services in a jail, one part of this goal can be accomplished.
CAMMP aims to provide shell scripts in order to automatize the source code insta...
Jarvinen is a simple web-based audit log monitoring service for ModSecurity v2. It consists of two basic parts: a (bash) shell script that parses serial logs into the MySQL database and a PHP web application.
The project is named after a character in a book by Gregory Petrov.
[http://www...
JSecureImage is an image validator for Java-based (web) applications. It validates an uploaded image file against certain types of evasion techniques.
Web application firewalls (WAF) are gaining importance among the information security technologies designed to protect web sites from attack. WAF solutions prevent attacks that network firewalls and intrusion detection systems can't and they require no modification of application source code. [http:...