Free Web Resources - Web Resources Depot » Security

PhpSecInfo: Similar To phpinfo() But Focused On Security

Umut M. — Tue, 25 Aug 2009 07:47:26 +0000

PHPSecInfo is a PHP environment security auditing tool which can be useful as part of a multilayered security approach.

The script runs a series of tests to identify potential security issues and offer suggestions.

It can be reached easily by calling the "index.php" files after uploading the project folder.

PHP Security Consortium also has a PHP security guide which you may want to check out.

P.S. PhpSecInfo is definitely not a replacement for secure coding practices & doesn’t audit PHP code.

Special Downloads:
Ajaxed Add-To-Basket Scenarios With jQuery And PHP
Free Admin Template For Web Applications
jQuery Dynamic Drag’n Drop
ScheduledTweets

Advertisements:
SSLmatic – Cheap SSL Certificates (from $19.99/year)
Follow WebResourcesDepot At Twitter And Get More Resources!

Tags: Php

Free Image-Based Captcha: VidoopCAPTCHA

Umut M. — Sun, 23 Aug 2009 05:01:39 +0000

VidoopCAPTCHA is a free verification solution that works image-based which is unusual compared to the widely-used text-based ones.

It aims to be a more user-friendly solution as text-based captchas can sometimes be so hard to read for humans besides bots.

VidoopCaptcha is a hosted service & have plugins for WordPress, Ruby on Rails, and Drupal. Also, there are libraries for programming languages such as PHP, Python, and .NET.

It offers some customization options like category, number of grid squares, color & grid size. For a demo of this security resource, click here.

Special Downloads:
Ajaxed Add-To-Basket Scenarios With jQuery And PHP
Free Admin Template For Web Applications
jQuery Dynamic Drag’n Drop
ScheduledTweets

Advertisements:
SSLmatic – Cheap SSL Certificates (from $19.99/year)
Follow WebResourcesDepot At Twitter And Get More Resources!

Tags: Drupal, Ruby on Rails, Wordpress

Data Encryption With JavaScript: jCryption

Umut M. — Sat, 08 Aug 2009 09:41:06 +0000

Normally, when a data is submitted, it is sent in plain text if no SSL is used.

jCryption is a jQuery plugin for encrypting POST/GET data submitted by forms.

It uses public-key algorithm of RSA for the encryption & has a PHP file for handling the decryption of data.

Some features of jCryption:

encryption up to 2048 bit
AjaxSubmit supported
doesn’t block the browser on calculations

The plugin is easy to install, use and extend. Calling the jCryption function:

$("#formID").jCryption();

and handling the data with the ready-to-use PHP function is enough.

Special Downloads:
Ajaxed Add-To-Basket Scenarios With jQuery And PHP
Free Admin Template For Web Applications
jQuery Dynamic Drag’n Drop
ScheduledTweets

Advertisements:
SSLmatic – Cheap SSL Certificates (from $19.99/year)
Follow WebResourcesDepot At Twitter And Get More Resources!

Tags: Javascript, RSA, SSL

jQuery Virtual Keyboard – For Safer Forms

Umut M. — Fri, 24 Oct 2008 05:01:00 +0000

DesignShack is presenting a very nice tutorial on creating a virtual keyboard with jQuery (script can be downloaded).

Such virtual keyboards are generally used in bank websites or forms that require extra security. They are a step for preventing keyloggers (but may not be an absolute solution as keyloggers are getting smarter).

It is very easy to add new characters to the keyboard if needed & the keyboard can be dragged to anywhere on the screen.

To check the demo, click here.

Special Downloads:
Ajaxed Add-To-Basket Scenarios With jQuery And PHP
Free Admin Template For Web Applications
jQuery Dynamic Drag’n Drop
ScheduledTweets

Advertisements:
SSLmatic – Cheap SSL Certificates (from $19.99/year)
Follow WebResourcesDepot At Twitter And Get More Resources!

Tags: Javascript

Flash Captcha Generator For ASP And PHP

Umut M. — Fri, 04 Jul 2008 05:01:52 +0000

Internet Captcha is a Flash-based captcha script which can be generated online with a configuration interface.

It lets you define all the variables of the captcha including the distortion level, color, Flash effect & more.

The configuration wizard created the necessary JavaScript and ASP / PHP files and shows how to install this captcha script step by step.

One nice feature of Internet Captcha is, it shows you the security level of the captcha you designed.

Special Downloads:
Ajaxed Add-To-Basket Scenarios With jQuery And PHP
Free Admin Template For Web Applications
jQuery Dynamic Drag’n Drop
ScheduledTweets

Advertisements:
SSLmatic – Cheap SSL Certificates (from $19.99/year)
Follow WebResourcesDepot At Twitter And Get More Resources!

Tags: ASP, Php

Free SQL Injection Vulnerability Scanner By HP

Umut M. — Sun, 29 Jun 2008 05:01:13 +0000

Scrawlr is a free software for scanning SQL injection vulnerabilities on your web applications.

It is developed by HP Web Security Research Group in coordination with Microsoft Security Response Center.

Scrawlr crawls a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities.

After the scanning process, if it can find, it even shows your database table names as a proof of the possible SQL injection vulnerabilities.

Special Downloads:
Ajaxed Add-To-Basket Scenarios With jQuery And PHP
Free Admin Template For Web Applications
jQuery Dynamic Drag’n Drop
ScheduledTweets

Advertisements:
SSLmatic – Cheap SSL Certificates (from $19.99/year)
Follow WebResourcesDepot At Twitter And Get More Resources!

Tags: SQL

Open Source Web Application Firewall: ModSecurity

Umut M. — Wed, 21 May 2008 05:01:45 +0000

With over 70% of all attacks now carried out over the web application level.

Web application firewalls are used to create an external security layer to improve security, detection, and prevention of attacks before they hit web applications.

Web servers are well-equipped to log traffic for marketing analyses, but they are not good when it comes to logging of traffic to web applications.

ModSecurity is a web application firewall for Apache which makes full HTTP transaction logging possible, allowing complete requests and responses to be logged.

This web application firewall has an easy to use rule engine which creates the core of the system.

ModSecurity can monitor the HTTP traffic in real time, has other features like parallel text matching, Geo IP resolution, credit card number detection, support for content injection, automated rule updates, scripting & more.

Special Downloads:
Ajaxed Add-To-Basket Scenarios With jQuery And PHP
Free Admin Template For Web Applications
jQuery Dynamic Drag’n Drop
ScheduledTweets

Advertisements:
SSLmatic – Cheap SSL Certificates (from $19.99/year)
Follow WebResourcesDepot At Twitter And Get More Resources!

Tags: Apache, Logging

PHP Captcha Script: Securimage

Umut M. — Thu, 01 May 2008 05:01:23 +0000

Securimage is an free PHP captcha script used for protecting web forms from spam and abuse.

It can be easily installed and very well documented.

Different than the famous reCAPTCHA, which is web-based, Securimage is a downloadable solution that requires PHP and GD library to work.

Some feature of this captcha solution:

Show an image in just 3 lines of code
Validate submitted entries in less than 6 lines of code
Customizable code length
Choose the character set
TTF font support
Use custom GD fonts when TTF is not available
Easily add background images
Multi colored, angled, and transparent text options
Arched lines through text
Generates audible CAPTCHA files in wav format
Use a word list for creating CAPTCHA codes

You can find a demo of the captcha here.

Special Downloads:
Ajaxed Add-To-Basket Scenarios With jQuery And PHP
Free Admin Template For Web Applications
jQuery Dynamic Drag’n Drop
ScheduledTweets

Advertisements:
SSLmatic – Cheap SSL Certificates (from $19.99/year)
Follow WebResourcesDepot At Twitter And Get More Resources!

Tags: Php, TTF, Wav

HTML Filtering To Secure Websites With HTML Purifier

Umut M. — Thu, 28 Feb 2008 05:01:23 +0000

Secure input and data handling is hard when it comes to HTML because of many different types of malicious code (XSS).

HTML Purifier is a well documented, standards-compliant HTML filter library written in PHP. It simply:

Removes all malicious code (better known as XSS) with an audited, secure yet permissive whitelist.
Makes sure your documents are standards compliant.

HTML Purifier requires PHP 5 (PHP 4 versions are not supported any more but can be downloaded). It saves so much time while developing & offers much more expertise than most of the self-coded data-handling libraries as HTML Purifier is concentrated only in this area.

This open source secure data handling solution also has a comparison chart wih other HTML filters.

Some community-written plugins for CMS softwares, WYSIWYG editors can be found in the HTML Purifier website.

Special Downloads:
Ajaxed Add-To-Basket Scenarios With jQuery And PHP
Free Admin Template For Web Applications
jQuery Dynamic Drag’n Drop
ScheduledTweets

Advertisements:
SSLmatic – Cheap SSL Certificates (from $19.99/year)
Follow WebResourcesDepot At Twitter And Get More Resources!

Tags: Data, Html, Input, Php, Security, XSS

Free Web Resources - Web Resources Depot » Security

PhpSecInfo: Similar To phpinfo() But Focused On Security

Related posts

Free Image-Based Captcha: VidoopCAPTCHA

Related posts

Data Encryption With JavaScript: jCryption

Related posts

jQuery Virtual Keyboard – For Safer Forms

Related posts

Flash Captcha Generator For ASP And PHP

Related posts

Free SQL Injection Vulnerability Scanner By HP

Related posts

Open Source Web Application Firewall: ModSecurity

Related posts

PHP Captcha Script: Securimage

Some feature of this captcha solution:

Related posts

HTML Filtering To Secure Websites With HTML Purifier

Related posts