Curated Cybersecurity Providers and Solutions
In One Directory

Resources that will boost your workflow and save you time and money.

Betterscan.io DevSecOps Toolchain
Featured
DevSecOps
SAST
security-sast

Scan your apps and cloud security for thousands of issues. Automated full DevSecOps app and cloud security toolchain across all your environments. All the best open source tools, researched, set up, run together, with unified and de-duplicated results, so you don't have to do it. Added our own checkers also. Continuous security. Fit for purpose and results.

Tsunami Security Scanner
DevSecOps
SAST
security-sast

A general purpose network security scanner with an extensible plugin system for detecting high severity RCE-like vulnerabilities with high confidence. Custom detectors for finding vulnerabilities (e.g. open APIs) can be added.
Benefits: Detecting high severity RCE-like vulnerabilities with high confidence. Custom detectors for finding vulnerabilities.
Features: High confidence. Custom detectors.

Trufflehog
DevSecOps
SAST
security-sast

Find credentials all over the place.
Benefits: When utilizing Truffle Security, you can easily discover credentials scattered across your project, ensuring that sensitive information is not inadvertently exposed. This proactive approach can help minimize security risks and potential breaches, enhancing the overall protection of your valuable data.
Features: Truffle Security offers comprehensive capabilities to identify credentials in various locations within your project. By leveraging automated tools and advanced scanning techniques, the platform can efficiently pinpoint any instances where sensitive information such as passwords, API keys, or tokens may be at risk. With detailed insights and actionable recommendations, Truffle Security empowers you to strengthen the security posture of your applications and safeguard against unauthorized access.

Tfsec
DevSecOps
SAST
security-sast

Terraform static analysis tool that prevents potential security issues by checking cloud misconfigurations at build time and directly integrates with the HCL parser for better results. Checks for violations of AWS, Azure and GCP security best practice recommendations.
Benefits: Terraform static analysis tool offers the benefit of preventing potential security issues by examining cloud misconfigurations during the build process. By integrating directly with the HCL parser, it is able to provide more precise and effective results, enhancing the overall security posture of cloud environments.
Features: Comprehensive checking for violations of AWS, Azure, and GCP security best practice recommendations, ensuring that cloud infrastructure is configured in alignment with industry standards and optimized for security.

Scorecard
DevSecOps
SAST
security-sast

Security Scorecards - Security health metrics for Open Source.
Benefits: Security Scorecards provide a comprehensive way to assess the security health of open-source projects. By utilizing security metrics, users can easily evaluate the security posture of a project and make informed decisions regarding its usage and contributions. This transparency and visibility into project security help organizations manage risk more effectively and prioritize security improvements. With Security Scorecards, users can quickly identify security gaps and vulnerabilities within open-source projects. This proactive approach enables stakeholders to address security issues promptly, reducing the likelihood of successful cyberattacks and data breaches. By leveraging these insights, organizations can enhance the overall security of their software supply chain and foster a culture of collaboration and security awareness.
Features: Security Scorecards offer a range of features to support security assessments of open-source projects. These metrics include factors such as code quality, vulnerability management, community engagement, and adoption of security best practices. By aggregating and visualizing these metrics, users can gain a holistic view of a project's security maturity and identify areas for improvement. The platform provides customizable scorecards that allow users to tailor security assessments to their specific requirements and priorities. Additionally, Security Scorecards integrate with popular repositories and issue trackers, streamlining the assessment process and ensuring that security evaluations are up to date. This seamless integration enhances the overall efficiency and effectiveness of security assessments for open-source projects.

Nodejsscan
DevSecOps
SAST
security-sast

A static security code scanner for Node.js applications powered by libsast and semgrep that builds on the njsscan cli tool. It features a UI with various dashboards about an application's security status.
Benefits: A static security code scanner for Node.js applications powered by libsast and semgrep. Enhanced functionality that builds on the njsscan cli tool.
Features: Includes a user-friendly UI providing various dashboards to display an application's security status.

Njsscan
DevSecOps
SAST
security-sast

A static application testing (SAST) tool that can find insecure code patterns in your node.js applications using simple pattern matcher from libsast and syntax-aware semantic code pattern search tool semgrep.
Benefits: A static application testing (SAST) tool specifically designed for node.js applications can efficiently identify insecure code patterns within your codebase. This helps in enhancing the overall security posture of your applications and minimizes the risk of potential vulnerabilities.
Features: Utilizes a simple pattern matcher from libsast to scan through the codebase and identify prevalent insecure coding patterns that could lead to security loopholes. Furthermore, the syntax-aware semantic code pattern search tool, semgrep, enhances the accuracy of the scanning process by leveraging its capability to comprehend the context and semantics of the code.

Lunasec
DevSecOps
SAST
security-sast

Open Source AppSec platform that automatically notifies you the next time vulnerabilities like Log4Shell or node-ipc happen. Track your dependencies and builds in a centralized service.
Benefits: Stay informed about vulnerabilities such as Log4Shell or node-ipc with an automatic notification system from this open-source AppSec platform. Be alerted promptly when new vulnerabilities are identified, allowing you to take proactive measures to address and mitigate potential risks. Effortlessly track your dependencies and builds in one centralized service. By having all your information in one place, you can easily monitor and manage your assets, ensuring that you are aware of any potential vulnerabilities impacting your projects.
Features: The platform is open-source, providing transparency and the ability to customize and tailor the solution to meet your specific security needs. With the flexibility and control that come with an open-source solution, you can enhance and adapt the platform to align with your organization's security requirements. Automated notification system for vulnerabilities ensures that you are promptly informed about critical security threats that may impact your systems. By leveraging this feature, you can stay ahead of potential risks and vulnerabilities, enabling you to implement timely and effective security measures.

Lockfile-Lint
DevSecOps
SAST
security-sast

Lint an npm or yarn lockfile to analyze and detect security issues.
Benefits: Linting an npm or yarn lockfile helps in analyzing and detecting security issues proactively. By identifying vulnerabilities early on, developers can address security concerns before they escalate, reducing the risk of potential breaches and data leaks. This proactive approach enhances the overall security posture of the project and helps in maintaining a safer development environment.
Features: The tool provided by this URL offers comprehensive analysis capabilities for npm or yarn lockfiles. It can scan the lockfile with precision, flagging any security vulnerabilities or issues that may exist within the dependencies. The detection mechanism is designed to be thorough and reliable, providing developers with detailed insights into potential risks. Additionally, the tool may offer suggestions for remediation and best practices to address security concerns effectively.

Kube-Hunter
DevSecOps
SAST
security-sast

Hunt for security weaknesses in Kubernetes clusters.
Benefits: Hunt for security weaknesses in Kubernetes clusters with ease using kube-hunter. It helps identify vulnerabilities and misconfigurations that could potentially be exploited by attackers.
Features: Kube-hunter offers a comprehensive set of tools and techniques to actively test the security of your Kubernetes clusters. It provides detailed insights and recommendations to improve the overall security posture of your cluster.

Ktool
DevSecOps
SAST
security-sast

Fully cross-platform toolkit and library for MachO+Obj-C editing/analysis. Includes a cli kit, a curses GUI, ObjC header dumping, and much more.
Benefits: Fully cross-platform toolkit and library for MachO+Obj-C editing/analysis. It offers a wide range of tools and features designed to facilitate the editing and analysis of MachO and Obj-C files. Whether you are working on a Mac, Windows, or Linux system, this toolkit provides a seamless experience across different platforms.
Features: Includes a cli kit that allows you to perform various tasks via the command line interface, making it efficient and convenient for users who prefer using terminal commands. The curses GUI provides a user-friendly interface for those who prefer graphical interaction, offering a visual way to navigate through the toolkit's functionalities. ObjC header dumping is another useful feature that enables you to extract Objective-C headers, making it easier to analyze and understand the structures of Obj-C files. With a wide range of tools and capabilities, this toolkit offers much more than just basic editing and analysis functions.

Kics
DevSecOps
SAST
security-sast

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Terraform, Kubernetes, Docker, AWS CloudFormation and Ansible.
Benefits: Discovering security vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code is essential to maintaining a secure environment. By using KICS, you can proactively identify and address potential risks before they become serious threats to your operations.
Features: KICS supports popular infrastructure-as-code tools such as Terraform, Kubernetes, Docker, AWS CloudFormation, and Ansible, making it versatile and easily integrated into your existing workflow. This allows you to scan your infrastructure configurations efficiently and effectively, ensuring that they adhere to best practices and security standards.

Kani
DevSecOps
SAST
security-sast

The Kani Rust Verifier is a bit-precise model checker for Rust. Kani is particularly useful for verifying unsafe code blocks in Rust, where the "unsafe superpowers" are unchecked by the compiler. Kani verifies:
Benefits: The Kani Rust Verifier is a powerful tool designed specifically for verifying unsafe code blocks in Rust. This is particularly valuable as Rust allows developers to bypass certain safety checks using "unsafe" code, which can introduce potential vulnerabilities. Kani helps in ensuring that such vulnerable code blocks are thoroughly checked and verified, enhancing the overall security and reliability of Rust applications.
Features: Kani is a bit-precise model checker that offers detailed and precise verification capabilities for Rust code. It focuses on scrutinizing the unsafe code areas that often pose challenges in terms of correctness and safety. By using Kani, developers can gain confidence in the robustness of their Rust applications, as it thoroughly examines and validates the "unsafe superpowers" to detect and prevent potential issues before they can impact the program's execution.

Iblessing
DevSecOps
SAST
security-sast

iblessing is an iOS security exploiting toolkit. It can be used for reverse engineering, binary analysis and vulnerability mining.
Benefits: iblessing is a powerful iOS security exploiting toolkit that offers a wide range of capabilities for professionals in the field. Whether you are focused on reverse engineering, binary analysis, or vulnerability mining, iblessing provides the necessary tools to streamline your processes and enhance your understanding of iOS security mechanisms.
Features: With iblessing, users can benefit from a comprehensive suite of features designed to simplify the complexities of iOS security testing. From automated exploitation to in-depth binary analysis, iblessing offers an intuitive interface that facilitates efficient and effective security testing on iOS devices. Its versatile toolkit enables users to uncover vulnerabilities and develop robust strategies for enhancing the overall security posture of iOS applications.

Gokart
DevSecOps
SAST
security-sast

Golang security analysis with a focus on minimizing false positives. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe.
Benefits: Golang security analysis with a focus on minimizing false positives. It is capable of tracing the source of variables and function arguments to determine whether input sources are safe.
Features: Gokart is a tool that provides security analysis specifically tailored for Golang applications. By tracing the source of variables and function arguments, Gokart enhances the ability to identify potential security vulnerabilities in the codebase. It focuses on minimizing false positives, ensuring that developers can accurately pinpoint areas that require attention in terms of security.