Every month we bring new and recently released applications and tools to our audience. Today we have collected the 10 best security tools and applications for developers, which will help you simplify your website and development-related tasks and keep your website a step ahead of the competition. We hope you will find a few of the security tools and applications below beneficial to your development needs.
1. Skipfish : Fully Automated Web Application Security Scanner
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes.
The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.
2. jCryption : JavaScript HTML-Form Encryption Plugin
jCryption is a JavaScript HTML-Form encryption plugin, which encrypts the POST/GET data that will be sent when you submit a form. It uses the Multiple-precision and Barrett modular reduction libraries for the calculations and jQuery for the rest. jCryption is completely free and dual licensed under the MIT and GPL licenses, like jQuery.
jCryption in its current state is no replacement for SSL, because there is no authentication; the main goal of jCryption is to be a plugin that is very easy and fast to install and that offers a base level of security.
3. PHPSecInfo : Security Information about PHP Environment
PHP Security Consortium (PHPSC) is an international group of PHP experts dedicated to promoting secure programming practices within the PHP community. Members of the PHPSC seek to educate PHP developers about security through a variety of resources, including documentation, tools, and standards. You can read the PHP Security Guide they have published. PHPSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.
4. Suhosin : Advanced Protection System for PHP
Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts that can be used separately or in combination. The first part is a small patch against the PHP core that implements a few low-level protections against buffer overflows or format string vulnerabilities, and the second part is a powerful PHP extension that implements all the other protections.
5. reCAPTCHA : Prevent Spam and Help Digitize Books
A CAPTCHA is a program that can tell whether its user is a human or a computer. You’ve probably seen them — colorful images with distorted text at the bottom of Web registration forms. CAPTCHAs are used by many websites to prevent abuse from “bots,” or automated programs usually written to generate spam.
reCAPTCHA improves the process of digitizing books by sending words that cannot be read by computers to the Web in the form of CAPTCHAs for humans to decipher. More specifically, each word that cannot be read correctly by OCR is placed on an image and used as a CAPTCHA.
6. aSSL : Open Source Ajax Secure Service Layer
aSSL is a library distributed under the MIT License that implements a technology similar to SSL without HTTPS. aSSL enables the client to negotiate a secret random 128-bit key with the server using the RSA algorithm. Once the connection has been established, the data will be sent and received using the AES algorithm. aSSL is composed of some JavaScript files and a server-side component. A pure JavaScript (ASP) server component is currently available. The authors will port it to the main web languages (PHP, Java, Perl, Python, TKL, etc.) as soon as possible once aSSL has passed the beta phase.
7. Netsparker Community Edition
This is the free community edition of the powerful Netsparker, which still comes with a bunch of features and is also false-positive-free. The application can detect SQL injection and cross-site scripting issues. Once a scan is complete, it displays the solutions beside the issues and enables you to see the browser view and the HTTP request/response.
8. Websecurify
Websecurify is a very easy-to-use, open source tool that automatically identifies web application vulnerabilities by using advanced discovery and fuzzing technologies. Once run, it can create simple reports that can be exported into multiple formats. The tool is also multilingual and extensible through add-on support.
9. PHPSecInfo
PHPSecInfo is a PHP environment security auditing tool which can be useful as part of a multilayered security approach. The script runs a series of tests to identify potential security issues and offers suggestions. It can be reached easily by calling the “index.php” file after uploading the project folder. The PHP Security Consortium also has a PHP security guide which you may want to check out.
10. HTML Purifier
Secure input and data handling is hard when it comes to HTML because of the many different types of malicious code (XSS). HTML Purifier is a well-documented, standards-compliant HTML filter library written in PHP. It simply:
• Removes all malicious code (better known as XSS) with an audited, secure yet permissive whitelist.
• Makes sure your documents are standards compliant.
HTML Purifier requires PHP 5 (PHP 4 versions are not supported any more but can be downloaded). It saves a lot of time while developing and offers much more expertise than most self-coded data-handling libraries, as HTML Purifier concentrates only on this area.