Open Source Frameworks - Page 4

OAproject implements a plataform to allow applications to interact. Apps using the platform send/receive messages through a message oriented middleware. Main features are a Single Sign On (SSO), Identity Management System (IMS) and a provisioning system

OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST so that pentesters will have more time to see the big picture and think out of the box. More efficiently find, verify and combine vulnerabilities. Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions. Perform more tactical/targeted fuzzing on seemingly risky areas. Demonstrate true impact despite the short timeframes we are typically given to test. The tool is highly configurable and anybody can trivially create simple plugins or add new tests in the configuration files without having any development experience. OWTF is developed on KaliLinux and macOS but it is made for Kali Linux (or other Debian derivatives).

Guard Stone is an Open Source Security Platform, which enables to integrate and deploy open source security tools. Some of Guard Stone's focus areas include Firewall, VPN, Mail Gateway Filters, Web Filters, Web Application Security, Routing etc;

Open eSign allows software developers and technical parties in a company to create secure, online (web-based) forms and documents that follow a business process flow and enable legally recognized electronic signatures using digital signature technology.

Open Legacy Storage Document: Generic Document Archiving on Disk and Network(using MINA) Framework in Java for huge number of docs(up to 2^192 documents), efficient(Java NIO), crypto, net transfert, web retrieve, J2EE and eMail archiving compatible.

OpenUAT is a toolkit for authentication in ubiquitous computing systems.

The Oso Library is a batteries-included framework for building authorization in your application. With Oso, you can. Model: Set up common permissions patterns like RBAC and relationships using Oso’s built-in primitives. Extend them however you need with Oso’s declarative policy language, Polar. Filter: Go beyond yes/no authorization questions. Implement authorization over collections too - e.g., “Show me only the records that Juno can see.” Test: Write unit tests over your authorization logic now that you have a single interface for it. Use the debugger or tracing to track down unexpected behavior. Oso lets you write policies to control who can do what in your app. Select different policies below to see how they change the permissions in the sample app on the right. Oso's language libraries can be developed without touching the Rust core, but you will still need the Rust stable toolchain installed in order to build the core.

The PHP Web Toolkit enables the rapid development of multi-layered web applications and is designed to be easy to use, extensible, reliable, reusable, scalable and secure. It integrates with ADOdb, FCKeditor, kses, Libmcrypt, Libmhash and Smarty.

phpgirder, a set of PHP classes used to add user authentication, Access Control Levels, and encryption to PHP applications or frameworks. The ACL structure uses multiple database users and permissions and SSL encryption for enhanced application security.

What is PHPExtJS ? We build one of great web application framework that full integrated between both of Server and Client Side framework together. To support this particular Web application, the frameworks are built using Yii PHP Framework to provide service for the client requests. Additionally, this web application also contain of latest ExtJS framework to provide high performance application interfaces such as native apps. Features: - Ext JS CRUD (Create, Read, Update, Delete) Code Generator - RESTful HTTP method (PUT, DELETE, UPDATE, GET) - ExtJS MVC - RBAC application architecture - Dynamic tree menu CSRF attack prevention by default You can download 2 version of phpextjs, there is standart and desktop version Here is link download Standart version : https://github.com/sani-iman-pribadi/phpextjs_standart/archive/master.zip Desktop version https://github.com/sani-iman-pribadi/phpextjs_desktop/archive/master.zip

!!! NOTE !!! The latest file upload (Simple.zip) is a simplified version of the Starter Framework meant for single-schema applications. It only offers logging, error handling and table-driven parameters (with a few extra supporting packages for writing to screen and file, and manipulating dates, strings and numbers). In order to access the simplified framework, click "Browse All Files" and choose the plsqlfmwksimplet folder, then the 2.1 folder. Download Simple.zip. The full framework (Starter_Full_2.0.zip) is meant for multiple applications resident in multiple schemas on the same database, where the common framework is shared between them all. It is a collection of PL/SQL packages and related tables, which provide a starter framework for custom PL/SQL-based applications. Save months of design/build time. Includes logging, debugging, timing, locks, common messages, file reading/writing/management, email from within the DB, user/role security, and more.

PRE4J (Partial RDF Encryption API for Jena) is a lightweight API for encrypting selected RDF graph elements. PRE4J provides cryptographic extensions to the Jena Semantic Web Framework.

Fully customizable and localizable controllers and views (e.g. Play Authenticate allows you to define your own controllers and views for every visual step of the signup and/or log in process). Completely dynamic URL generation for all views (uses the route file - means you can adapt the look and feel as much as you like). The sample shows how to do this with Twitter bootstrap. Linking of accounts (e.g. one local user with multiple authentication providers). Linking can be done automatically or after asking the user (default) Merge detection (e.g. a user created two unconnected local accounts) Account merge can be done automatically or after asking the user (default) Tight deadbolt2 authorization integration (Sample included). HTTPS support (for OAuth2 redirect links and email verification). Verification email used by Email/Password provider is fully customizable and localizable and can be sent in either text or HTML or both.

An acronym for cRoss-plAtform accesS control for Enterprise Applications. Rasea aims to become a reference in access control as a service based on the RBAC model.

The Realeyes IDS captures and analyzes full sessions. The graphical user interface will display both halves of captured sessions to determine what occurred. The GUI also provides management of application users, sensors, and the database.

A C library with support for logging, configuration, networking, message specification, semaphores, message queues, SSL, timing, epoll and email functionality.

SERENITY is an integrated EU-funded project, which creates the first practical secure and dependable solution for AmI ecosystems. A set of its results will gradually become available under LGPL under this open source project.

It uses a range of methods to evade EDR and AV while allowing the operator to continue using tooling and tradecraft they are familiar with. Its powered by Python 3.8 and C, and uses Donut for payload generation. By using Donut along with the process injection capabilities of SHAD0W, it provides the operator the ability to execute .NET assemblies, DLLs, EXEs, JS, VBS or XSLs fully inside the memory. Dynamically resolved syscalls are heavily used to avoid userland API hooking, anti-DLL injection to make it harder for EDR to load code into the beacons, and official Microsoft mitigation methods to protect spawn processes. Runs fully inside of Docker allowing cross-platform usage. SHAD0W is a modular C2 framework designed to successfully operate on mature environments. All traffic between beacons and the C2 are encrypted and transmitted over HTTPS.

We wish to explore the use of Java annotations for object validation, and specifically for input validation. The result should be a framework which should be easy to add to an existing application.

The Safe Math Library is a set of APIs designed to help mitigate the risk of arithmetic overflows. This library is modeled after ISO/IEC TR 24731.

SecFlow - Secure Flow Analyzation for Java and .NET

This project develops a secure P2P framework in Java (SePP). Existing P2P frameworks are not covering security by design but rather implement only some high layer security mechanisms. It has been developed as part of the EU project SMEPP (www.smepp.org)

The Security Annotation Framework (SAF) is an instance-level access control framework and field-level encryption framework driven by Java 5 annotations.

SharPyShell is a tiny and obfuscated ASP.NET web shell that executes commands received by an encrypted channel compiling them in memory at runtime. SharPyShell supports only C# web applications that run on .NET Framework >= 2.0. SharPyShell is a post-exploitation framework written in Python. The main aim of this framework is to provide the penetration tester with a series of tools to ease the post-exploitation phase once exploitation has been successful against an IIS webserver. This tool is not intended as a replacement for the frameworks for C2 Server (i.e. Meterpreter, Empire, etc..) but this should be used when you land on a fully restricted server where inbound and outbound connections are very limited. In this framework, you will have all the tools needed to privesc, net discovery, and lateral movement as you are typing behind the cmd of the target server.

Java-based security platform which provides a multi-user service middleware for distributed systems. Features: service environment, Shell-based interaction, user authentication (password, soft-token, smard-card), policy enforcement, Web services support