NAXSI means Nginx Anti XSS & SQL Injection. Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple (and readable) rules containing 99% of known patterns involved in website vulnerabilities. For example, <, | or drop are not allowed. It's a powerful tool to prevent common web attacks. Naxsi is a powerful tool to prevent common web attacks, it's a third party nginx module that reads a small subset of simple rules containing 99% of known patterns involved in website vulnerabilities. For example, <, | or drop are not allowed. It's a powerful tool to prevent common web attacks.
FEATURES
SIMILAR TOOLS
A tool for detecting capabilities in executable files, providing insights into a program's behavior and potential malicious activities.
A source code search engine for searching alphanumeric snippets, signatures, or keywords in web page HTML, JS, and CSS code.
A plugin for viewing, detecting weak configurations, and generating Content Security Policy headers.
A brute-force protection middleware for express routes that rate-limits incoming requests.
Static application security testing (SAST) tool for scanning source code against security and privacy risks.
APKiD is a tool that identifies compilers, packers, obfuscators, and other weird stuff in APK files.
A web application security testing platform that helps you test your knowledge on web application security through realistic scenarios with known vulnerabilities.
A security-focused general purpose memory allocator providing the malloc API with hardening against heap corruption vulnerabilities.
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.