This project is intended to test for access control flaws in web applications. As a theoretical part of this project the research was conveyed that was intended to answer the following questions: 1. Is there a reasonable classification of business logic vulnerabilities? 2. Is it possible to g...

This is an open source project which provides an implementation of standard XACML API. Please note that the API is still under discussion among OASIS XACML committee. We are following the revisions closely. If you're interested in the project, please feel free to contact us at ccba_AT_xwarelabs_DOT_...

==Database-backed Door Access Control System Hardware and Software== || http://cerberus-prox.googlecode.com/files/photo.jpg || http://cerberus-prox.googlecode.com/files/hid-strike_board.jpg || ===Hardware=== This project provides schematics, single-sided PCB artwork, and firmware for an ine...

I plan to write a front end for managing SquidGuard config files for use with Squid/SquidGuard to manage access control for networks. Having worked in education IT for 15 years it has become apparent that there are no decent solutions for very selective filtering of internet access on a source/desti...

Secure Group Communications for Delay-Tolerant Networks provides a group-oriented approach to both access control and confidentiality for group communications targeted at Delay and Disruption-Tolerant Networks. We are currently getting this project started so check back later for additional infor...

p2p collaborative tools with RBAC access control module based on Location of the user(role or permission).

http://webgoat.googlecode.com/svn/trunk/webgoat/src/main/webapp/images/header/header.jpg =Overview= *WebGoat* is a deliberately insecure J2EE web application designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploi...

<strong>OWASP ESAPI for Java: Strong, Simple Security Controls for Java Developers</strong> Don’t write your own security controls! Reinventing the wheel when it comes to developing security controls for every web application or web service leads to wasted time and massive security holes. The OW...

*OWASP ESAPI for PHP: Strong, Simple Security Controls for PHP Developers* Don’t write your own security controls! Reinventing the wheel when it comes to developing security controls for every web application or web service leads to wasted time and massive security holes. The OWASP Enterprise Sec...

The purpose of the ESAPI is to provide a simple interface that provides all the security functions a developer is likely to need in a clear, consistent, and easy to use way. The ESAPI architecture is very simple, just a collection of classes that encapsulate the key security operations most applicat...