Naxsi
A third-party Nginx module that prevents common web attacks by reading a small subset of simple rules containing 99% of known patterns involved in website vulnerabilities.
Tracy is a tool designed to assist with finding all sinks and sources of a web application and displaying these results in a digestible manner. It helps to identify potential security vulnerabilities in a web application by analyzing its code and identifying potential entry and exit points. Tracy provides a detailed report of the findings, making it easier for developers to understand and fix the issues.
StaCoAn is a cross-platform tool for static code analysis on mobile applications, emphasizing the identification of security vulnerabilities.
Kiterunner is a tool for lightning-fast traditional content discovery and bruteforcing API endpoints in modern applications.
Hackazon is a free, vulnerable test site with an online storefront to train and test IT security professionals on various vulnerabilities like SQL Injection and cross-site scripting.
DECAF++ is a fast whole-system dynamic taint analysis framework with improved performance and elasticity.
A free online tool to scan for DOM-based XSS vulnerabilities in HTML, JavaScript, and CSS files.