GitHub Archives - Help Net Security

GitHub

GoTestWAF: Open-source project for evaluating web application security solutions

December 20, 2021

GoTestWAF is a tool for API and OWASP attack simulation that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC, etc. It was …

CasaOS: Open-source home cloud based on the Docker ecosystem

December 13, 2021

For parents and families, the thought of someone gaining access to sensitive information can be nothing short of a nightmare. However, one group of developers are on a mission …

XMGoat: Open-source pentesting tool for Azure

December 8, 2021

XMGoat is an open-source tool that enables penetration testers, red teamers, security consultants, and cloud experts to learn how to abuse different misconfigurations within …

Kafdrop flaw allows data from Kafka clusters to be exposed Internet-wide

December 6, 2021

Researchers at Spectral discovered a security flaw in Kafdrop, a popular open-source UI and management interface for Apache Kafka clusters that has been downloaded more than …

Acra: Open-source database protection with field-level encryption and intrusion detection

December 2, 2021

Cossack Labs updated its flagship open-source product Acra database security suite to version 0.90.0 and made many of its core security features previously available only for …

GitHub fixed serious npm registry vulnerability, will mandate 2FA use for certain accounts

November 17, 2021

GitHub has fixed a serious vulnerability that would have allowed attackers to publish new, malicious versions of any existing package on the npm registry. About the fixed …

Dependency Combobulator: Open source toolkit to combat dependency confusion attacks

November 10, 2021

Apiiro released Dependency Combobulator, a modular and extensible open source toolkit to detect and prevent dependency confusion attacks. The toolkit, available on GitHub, …

Popular npm package hijacked, modified to deliver cryptominers

October 26, 2021

Several versions of the npm package for UA-parser.js, a widely used JavaScript library, have been modified to include malicious code and have been made available for download. …

ThreatMapper: Open source platform for scanning runtime environments

October 14, 2021

Deepfence announced open source availability of ThreatMapper, a signature offering that automatically scans, maps and ranks application vulnerabilities across serverless, …

KuberLogic open-source platform turns infrastructure into a managed PaaS

October 13, 2021

CloudLinux launched a new open-core project – KuberLogic – software that allows DevOps to set up scalable, self-healing PaaS on top of your Kubernetes cluster. Available on …

ARMO adds MITRE ATT&CK framework to its open-source Kubernetes testing tool

October 13, 2021

ARMO released an expanded version Kubescape, an open-source testing tool for Kubernetes environments that is compliant with the standards set forth in the Kubernetes Hardening …

YubiKey Bio Series supports fingerprint recognition for passwordless and second factor logins

October 7, 2021

Yubico launched YubiKey Bio Series, the first YubiKey series that supports fingerprint recognition for secure passwordless and second factor logins. Built for biometric …

GitHub

GoTestWAF: Open-source project for evaluating web application security solutions

CasaOS: Open-source home cloud based on the Docker ecosystem

XMGoat: Open-source pentesting tool for Azure

Kafdrop flaw allows data from Kafka clusters to be exposed Internet-wide

Acra: Open-source database protection with field-level encryption and intrusion detection

GitHub fixed serious npm registry vulnerability, will mandate 2FA use for certain accounts

Dependency Combobulator: Open source toolkit to combat dependency confusion attacks

Popular npm package hijacked, modified to deliver cryptominers

ThreatMapper: Open source platform for scanning runtime environments

KuberLogic open-source platform turns infrastructure into a managed PaaS

ARMO adds MITRE ATT&CK framework to its open-source Kubernetes testing tool

YubiKey Bio Series supports fingerprint recognition for passwordless and second factor logins

Don't miss

A 2022 priority: Automated mobile application security testing

Fraud detection is great, but you also need prevention

Stealthy firmware bootkit leveraged by APT in targeted attacks

Google Drive starts warning users about suspicious files

New infosec products of the week: January 21, 2022