Advertise here with BSA

Cryptico.js is an easy-to-use JavaScript library for encrypting text on the client-side.

It has support for RSA + AES methods and the text can be encrypted with any given bit length (228, 1024, etc.).

The content is encrypted with a public key and it can only be decrypted with that key (which makes sense if the recipient already has that information).

Cryptico.js doesn't require any JS frameworks to function and it is well-documented.

Special Downloads:
Ajaxed Add-To-Basket Scenarios With jQuery And PHP
Free Admin Template For Web Applications
jQuery Dynamic Drag’n Drop
ScheduledTweets

Advertisements:
Professional XHTML Admin Template ($15 Discount With The Code: WRD.)
Psd to Xhtml
SSLmatic – Cheap SSL Certificates (from $19.99/year)

Advertise here with BSA

Captchas are usually hard to use and boring. However they help a lot in minimizing headaches on the application-side by making sure that "an action is performed by a human".

MotionCAPTCHA, a jQuery plugin, offers a different type of captcha by asking the users to draw the shape displayed. It is not only different but also fun and can even be easier to-use for touch devices.

The project is currently a proof-of-concept considering the captcha is only verified on the client-side and can be manipulated. However, the next version is planned to have server-side and better browser support. Looking forward to it!

Special Downloads:
Ajaxed Add-To-Basket Scenarios With jQuery And PHP
Free Admin Template For Web Applications
jQuery Dynamic Drag’n Drop
ScheduledTweets

Advertisements:
Professional XHTML Admin Template ($15 Discount With The Code: WRD.)
Psd to Xhtml
SSLmatic – Cheap SSL Certificates (from $19.99/year)

Advertise here with BSA

NuCaptcha is a free captcha service that uses motion video to authenticate human web interactions.

Compared to image-based captchas, it is a harder-to-recognize solution for bots and can be read easier by humans which is great.

With the help of an API, NuCaptcha can be implemented into any website (sample codes provided) and there is also a WordPress plugin offered.

The captchas can be customized in means of skin, background and message displayed which helps a better visual integration with the websites.

Special Downloads:
Ajaxed Add-To-Basket Scenarios With jQuery And PHP
Free Admin Template For Web Applications
jQuery Dynamic Drag’n Drop
ScheduledTweets

Advertisements:
Professional XHTML Admin Template ($15 Discount With The Code: WRD.)
Psd to Xhtml
SSLmatic – Cheap SSL Certificates (from $19.99/year)

Advertise here with BSA

Websites are getting more and more complex everyday and there are almost no static websites being built.

Today, the simplest website has at least a contact or newsletter form and many are built with CMS systems or it may be using 3rd party plugins, services, etc. that we don't have an exact control over.

Even if the website is 100% hand-coded, we trust what we created and think that it is safe, it is still possible that a special character is not sanitized or we are not aware of a new attacking technique.

So, it is really hard to say "my website is safe" without running tests over it. The good part is there are powerful and free web application security testing tools which can help you to identify any possible holes.

Before presenting them, let's remind the classic: "something can be secure as only as its weakest link" (which also tells us that it is not always the application and can still be the server it is hosted or that easy to remember FTP password).

Netsparker Community Edition (Windows)

This is the free-community edition of the powerful Netsparker which still comes with a bunch of features and also false-positive-free.

The application can detect SQL Injection + cross-site scripting issues.

Once a scan is complete, it displays the solutions besides the issues and enables you to see the browser view and HTTP request/response.

Websecurify (Windows, Linux, Mac OS X)

Websecurify is a very easy-to-use and open source tool which automatically identifies web application vulnerabilities by using advanced discovery and fuzzing technologies.

It can create simple reports (that can be exported into multiple formats) once ran.

The tool is also multilingual and extensible with the add-on support.

Wapiti (Windows, Linux, Mac OS X)

Wapiti is an open source and web-based tool that scans the web pages of the deployed web applications, looking for scripts and forms where it can inject data.

It is built with Python and can detect:

• File handling errors (Local and remote include/require, fopen, readfile…)
• Database, XSS, LDAP and CRLF injections (HTTP response splitting, session fixation…)
• Command execution detection (eval(), system(), passtru()…)

N-Stalker Free Version (Windows)

The free edition performs restricted-yet-still-powerful set of web security assessment checks compared to the paid versions of the application.

It can check up to 100 web pages at once including web server and cross-site scripting checks.

skipfish (Windows, Linux, Mac OS X)

skipfish is a fully automated and active web application security reconnaissance tool.

It is lightweight and pretty fast (can perform 2000 requests/second).

The application has automatic learning capabilities, on-the-fly wordlist creation and form autocompletion.

skipfish comes with low false positive, differential security checks which are capable of spotting a range of subtle flaws, including blind injection vectors.

Scrawlr (Windows)

Scrawlr is a free software for scanning SQL injection vulnerabilities on your web applications.

It is developed by HP Web Security Research Group in coordination with Microsoft Security Response Center.

Watcher (Windows)

It is a plugin for Fiddler (the awesome HTTP debugging proxy) and works as a passive-analysis tool for HTTP-based web applications.

Watcher runs silently in the background and interact with the web-application to apply 30+ tests (where new ones can be added) while you browse.

It will identify issues like cross-domain form POSTs, dangerous context-switching between HTTP and HTTPS, etc.

x5s (Windows)

x5s is again a plugin for Fiddler just like Watcher which is designed to find encoding and character transformation issues that can lead to XSS vulnerability.

It simply tests user-controlled input using special characters like <, >, ', and reviews how the output encodes the special characters.

Exploit-Me (Windows, Linux, Mac OS X)

Rather than using a proxy like most of the security testing tools, Exploit-Me directly integrates into Firefox.

It is a set of 3 add-ons:

• XSS-Me: for testing reflected XSS vulnerabilities
• SQL Inject Me: for testing SQL injection vulnerabilities
• Access-Me: for testing access vulnerabilities

They are all lightweight , work while you browse websites and simply inform you by adding extra styles to the objects with vulnerabilities

WebScarab (Windows, Linux, Mac OS X)

WebScarab is actually a proxy to sniff the HTTP(s) traffic and manipulate it.

However, it comes with features like "parameter fuzzer (for testing XSS and SQL injection vulnerabilities), or "CRLF injection (HTTP response splitting)" and more.

Acunetix Free Version (Windows)

This is the free and limited-featured version of a paid/pro product.

It performs a check on any website and identifies cross site scripting (XSS) vulnerabilities.

And, if you are looking to improve yourself in the area of web application security and need to play with an application legally, there is DVWA (damn vulnerable web app.) which is there for just this purpose.

Special Downloads:
Ajaxed Add-To-Basket Scenarios With jQuery And PHP
Free Admin Template For Web Applications
jQuery Dynamic Drag’n Drop
ScheduledTweets

Advertisements:
Professional XHTML Admin Template ($15 Discount With The Code: WRD.)
Psd to Xhtml
SSLmatic – Cheap SSL Certificates (from $19.99/year)

Advertise here with BSA

PHPSecInfo is a PHP environment security auditing tool which can be useful as part of a multilayered security approach.

The script runs a series of tests to identify potential security issues and offer suggestions.

It can be reached easily by calling the "index.php" files after uploading the project folder.

PHP Security Consortium also has a PHP security guide which you may want to check out.

P.S. PhpSecInfo is definitely not a replacement for secure coding practices & doesn’t audit PHP code.

Special Downloads:
Ajaxed Add-To-Basket Scenarios With jQuery And PHP
Free Admin Template For Web Applications
jQuery Dynamic Drag’n Drop
ScheduledTweets

Advertisements:
Professional XHTML Admin Template ($15 Discount With The Code: WRD.)
Psd to Xhtml
SSLmatic – Cheap SSL Certificates (from $19.99/year)

Advertise here with BSA

VidoopCAPTCHA is a free verification solution that works image-based which is unusual compared to the widely-used text-based ones.

It aims to be a more user-friendly solution as text-based captchas can sometimes be so hard to read for humans besides bots.

VidoopCaptcha is a hosted service & have plugins for WordPress, Ruby on Rails, and Drupal. Also, there are libraries for programming languages such as PHP, Python, and .NET.

It offers some customization options like category, number of grid squares, color & grid size. For a demo of this security resource, click here.

Special Downloads:
Ajaxed Add-To-Basket Scenarios With jQuery And PHP
Free Admin Template For Web Applications
jQuery Dynamic Drag’n Drop
ScheduledTweets

Advertisements:
Professional XHTML Admin Template ($15 Discount With The Code: WRD.)
Psd to Xhtml
SSLmatic – Cheap SSL Certificates (from $19.99/year)

Advertise here with BSA

Normally, when a data is submitted, it is sent in plain text if no SSL is used.

jCryption is a jQuery plugin for encrypting POST/GET data submitted by forms.

It uses public-key algorithm of RSA for the encryption & has a PHP file for handling the decryption of data.

Some features of jCryption:

• encryption up to 2048 bit
• AjaxSubmit supported
• doesn’t block the browser on calculations

The plugin is easy to install, use and extend. Calling the jCryption function:

$("#formID").jCryption();

and handling the data with the ready-to-use PHP function is enough.

Special Downloads:
Ajaxed Add-To-Basket Scenarios With jQuery And PHP
Free Admin Template For Web Applications
jQuery Dynamic Drag’n Drop
ScheduledTweets

Advertisements:
Professional XHTML Admin Template ($15 Discount With The Code: WRD.)
Psd to Xhtml
SSLmatic – Cheap SSL Certificates (from $19.99/year)

Advertise here with BSA

DesignShack is presenting a very nice tutorial on creating a virtual keyboard with jQuery (script can be downloaded).

Such virtual keyboards are generally used in bank websites or forms that require extra security. They are a step for preventing keyloggers (but may not be an absolute solution as keyloggers are getting smarter).

It is very easy to add new characters to the keyboard if needed & the keyboard can be dragged to anywhere on the screen.

To check the demo, click here.

Special Downloads:
Ajaxed Add-To-Basket Scenarios With jQuery And PHP
Free Admin Template For Web Applications
jQuery Dynamic Drag’n Drop
ScheduledTweets

Advertisements:
Professional XHTML Admin Template ($15 Discount With The Code: WRD.)
Psd to Xhtml
SSLmatic – Cheap SSL Certificates (from $19.99/year)

Advertise here with BSA

Internet Captcha is a Flash-based captcha script which can be generated online with a configuration interface.

It lets you define all the variables of the captcha including the distortion level, color, Flash effect & more.

The configuration wizard created the necessary JavaScript and ASP / PHP files and shows how to install this captcha script step by step.

One nice feature of Internet Captcha is, it shows you the security level of the captcha you designed.

Special Downloads:
Ajaxed Add-To-Basket Scenarios With jQuery And PHP
Free Admin Template For Web Applications
jQuery Dynamic Drag’n Drop
ScheduledTweets

Advertisements:
Professional XHTML Admin Template ($15 Discount With The Code: WRD.)
Psd to Xhtml
SSLmatic – Cheap SSL Certificates (from $19.99/year)

Advertise here with BSA

Scrawlr is a free software for scanning SQL injection vulnerabilities on your web applications.

It is developed by HP Web Security Research Group in coordination with Microsoft Security Response Center.

Scrawlr crawls a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities.

After the scanning process, if it can find, it even shows your database table names as a proof of the possible SQL injection vulnerabilities.

Special Downloads:
Ajaxed Add-To-Basket Scenarios With jQuery And PHP
Free Admin Template For Web Applications
jQuery Dynamic Drag’n Drop
ScheduledTweets

Advertisements:
Professional XHTML Admin Template ($15 Discount With The Code: WRD.)
Psd to Xhtml
SSLmatic – Cheap SSL Certificates (from $19.99/year)