Open Source Mac Security Software - Page 20
Sort By:
Security Software for Mac
View 896 business solutions-
Gen AI apps are built with MongoDB AtlasMongoDB Atlas is the developer-friendly database used to build, scale, and run gen AI and LLM-powered apps—without needing a separate vector database. Atlas offers built-in vector search, global availability across 115+ regions, and flexible document modeling. Start building AI apps faster, all in one place.
-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
1
Laravel Socialite
Laravel wrapper around OAuth 1 & OAuth 2 libraries
Laravel Socialite provides an expressive, fluent interface to OAuth authentication with Facebook, Twitter, Google, LinkedIn, GitHub, GitLab and Bitbucket. It handles almost all of the boilerplate social authentication code you are dreading writing. Laravel Socialite provides an expressive, fluent interface to OAuth authentication with Facebook, Twitter, Google, LinkedIn, GitHub, GitLab and Bitbucket. It handles almost all of the boilerplate social authentication code you are dreading writing. To get started with Socialite, use the Composer package manager to add the package to your project's dependencies. When upgrading to a new major version of Socialite, it's important that you carefully review the upgrade guide. Before using Socialite, you will need to add credentials for the OAuth providers your application utilizes. -
2
MozDef
MozDef: Mozilla Enterprise Defense Platform
MozDef aims to bring real-time incident response and investigation to the defensive toolkits of security operations groups in the same way that Metasploit, LAIR, and Armitage have revolutionized the capabilities of attackers. We use MozDef to ingest security events, alert us to security issues, investigate suspicious activities, handle security incidents, and visualize and categorize threat actors. The real-time capabilities allow our security personnel all over the world to work collaboratively even though we may not sit in the same room together and see changes as they occur. The integration plugins allow us to have the system automatically respond to attacks in a preplanned fashion to mitigate threats as they occur. -
3
Naxsi
Open-source, high performance, low rules maintenance WAF for NGINX
Technically, it is a third-party Nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple (and readable) rules containing 99% of known patterns involved in website vulnerabilities. For example, <, | or drop are not supposed to be part of a URI. Being very simple, those patterns may match legitimate queries, it is Naxsi's administrator duty to add specific rules that will whitelist legitimate behaviors. The administrator can either add whitelists manually by analyzing nginx's error log, or (recommended) start the project with an intensive auto-learning phase that will automatically generate whitelisting rules regarding a website's behavior. In short, Naxsi behaves like a DROP-by-default firewall, the only task is to add required ACCEPT rules for the target website to work properly. -
4
OAuthLib
A generic, spec-compliant, thorough implementation of the OAuth
A generic, spec-compliant, thorough implementation of the OAuth request-signing logic for Python 3.8+. OAuthLib is a framework which implements the logic of OAuth1 or OAuth2 without assuming a specific HTTP request object or web framework. Use it to graft OAuth client support onto your favorite HTTP library, or provide support onto your favourite web framework. If you're a maintainer of such a library, write a thin veneer on top of OAuthLib and get OAuth support for very little effort. -
Simple, Secure Domain RegistrationRegister or renew your domain and pay only what we pay. No markups, hidden fees, or surprise add-ons. Choose from over 400 TLDs (.com, .ai, .dev). Every domain is integrated with Cloudflare's industry-leading DNS, CDN, and free SSL to make your site faster and more secure. Simple, secure, at-cost domain registration.
-
5
OTPLib
One Time Password (OTP) / 2FA for Node.js and Browser
A JavaScript library for generating and verifying one-time passwords (TOTP/HOTP), commonly used for two-factor authentication (2FA). -
6
OWASP WrongSecrets
Vulnerable app with examples showing how to not use secrets
Welcome to the OWASP WrongSecrets game! The game is packed with real life examples of how to not store secrets in your software. Each of these examples is captured in a challenge, which you need to solve using various tools and techniques. Solving these challenges will help you recognize common mistakes & can help you to reflect on your own secrets management strategy. -
7
Open Source API Firewall by Wallarm
Fast and light-weight API proxy firewall for request and response
API Firewall is a high-performance proxy with API request and response validation based on OpenAPI/Swagger schema. It is designed to protect REST API endpoints in cloud-native environments. API Firewall provides API hardening with the use of a positive security model allowing calls that match a predefined API specification for requests and responses, while rejecting everything else. -
8
OpenPGP.js
OpenPGP implementation for JavaScript
This project aims to provide an Open Source OpenPGP library in JavaScript so it can be used on virtually every device. Instead of other implementations that are aimed at using native code, OpenPGP.js is meant to bypass this requirement (i.e. people will not have to install gpg on their machines in order to use the library). The idea is to implement all the needed OpenPGP functionality in a JavaScript library that can be reused in other projects that provide browser extensions or server applications. It should allow you to sign, encrypt, decrypt, and verify any kind of text, in particular e-mails, as well as managing keys. Version 3.0.0 of the library introduces support for public-key cryptography using elliptic curves. We use native implementations on browsers and Node.js when available. -
9
PHP-Casbin
An authorization library that supports access control models
An authorization library that supports access control models like ACL, RBAC, ABAC for Golang, Java, C/C++, Node.js, Javascript, PHP, Laravel, Python, .NET (C#), Delphi, Rust, Ruby, Swift (Objective-C), Lua (OpenResty), Dart (Flutter) and Elixir. In Casbin, an access control model is abstracted into a CONF file based on the PERM metamodel (Policy, Effect, Request, Matchers). So switching or upgrading the authorization mechanism for a project is just as simple as modifying a configuration. Besides memory and file, Casbin policy can be stored into lots of places. Currently, dozens of databases are supported, from MySQL, Postgres, Oracle to MongoDB, Redis, Cassandra, AWS S3. Check the full supported list at: adapters. Casbin is implemented in Golang, Java, PHP and Node.js. All implementations share the same API and behaviors. You can learn Casbin once and use it everywhere. -
Build Securely on Azure with Proven FrameworksMoving to the cloud brings new challenges. How can you manage a larger attack surface while ensuring great network performance? Turn to Fortinet’s Tested Reference Architectures, blueprints for designing and securing cloud environments built by cybersecurity experts. Learn more and explore use cases in this white paper.
-
10
Personal Security Checklist
A compiled checklist of 300+ tips for protecting digital security
Personal Security Checklist is a comprehensive, plain-language checklist for improving personal digital security and privacy across devices, accounts, and everyday workflows. It’s organized so that complete beginners can make quick, high-impact changes, while advanced users can dig into deeper hardening steps. The guidance spans topics like passwords, 2FA, device encryption, browser hygiene, network safety, backups, and incident response planning. Each section breaks recommendations into actionable, bite-sized items with brief explanations, helping you understand the “why” as well as the “how.” The repository is continuously refined by a large community, which keeps the content practical, vendor-neutral, and up to date with evolving threats and best practices. It also encourages threat modeling, matching the steps you take to the risks you actually face, so you can prioritize effectively without getting overwhelmed. -
11
PyRDP
RDP monster-in-the-middle (mitm) and library for Python
PyRDP is a Python Remote Desktop Protocol (RDP) Monster-in-the-Middle (MITM) tool and library. -
12
Respect\Validation
The most awesome validation engine ever created for PHP
For certain types you can't make comparisons out of the box in PHP but Validation brings support to a few of them. You can also create and use your own rules. To do this, you will need to create a rule and an exception to go with the rule. Each rule must have an Exception to go with it. Exceptions should be named with the name of the rule followed by the word Exception. The process of creating an Exception is similar to creating a rule but there are no methods in the Exception class. On oldest versions of Respect\Validation all validators treat input as optional and accept an empty string input as valid. Even though a useful feature that caused a lot of troubles for our team and neither was an obvious behavior. Also there was some people who likes to accept null as optional value, not only an empty string. -
13
SafeLine
Serve as a reverse proxy to protect your web services from attacks
SafeLine is a self-hosted WAF(Web Application Firewall) to protect your web apps from attacks and exploits. A web application firewall helps protect web apps by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web apps from attacks such as SQL injection, XSS, code injection, os command injection, CRLF injection, LDAP injection, XPath injection, RCE, XXE, SSRF, path traversal, backdoor, brute force, HTTP-flood, bot abuse, among others. By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server. A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application. -
14
Scout Suite
Multi-cloud security auditing tool
Scout Suite is an open-source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically. Scout Suite was designed by security consultants/auditors. It is meant to provide a point-in-time security-oriented view of the cloud account it was run in. Once the data has been gathered, all users may be performed offline. Our self-service cloud account monitoring platform, NCC Scout, is a user-friendly SaaS providing you with the ability to constantly monitor your public cloud accounts, allowing you to check they’re configured to comply with industry best practice. -
15
Sigma
Main Sigma Rule Repository
Welcome to the Sigma main rule repository. The place where detection engineers, threat hunters and all defensive security practitioners collaborate on detection rules. The repository offers more than 3000 detection rules of different type and aims to make reliable detections accessible to all at no cost. Sigma is an open-source tool for defining generic detection rules for security event logs, enabling security professionals to detect threats across platforms. -
16
Socialite
Socialite is an OAuth2 Authentication tool
Socialite is an OAuth2 Authentication tool. It is inspired by laravel/socialite, you can easily use it without Laravel. Socialite is an OAuth2 authentication tool. It is inspired by laravel/socialite , you can easily use it in any PHP project. The tool now supports the following platforms: Facebook, Github, Google, Linkedin, Outlook, QQ, TAPD, Alipay, Taobao, Baidu, DingTalk, Weibo, WeChat, Douyin, Feishu, Lark, Douban, Enterprise WeChat, Tencent Cloud, Line, Gitee, Coding. Users only need to create corresponding configuration variables, and then use tools to create authentication applications for each platform, and easily obtain the access_token and user-related information of the platform. For details about the tool implementation logic, refer to the OAuth2 documents of major platforms. -
17
Splunk Attack Range
A tool that allows you to create vulnerable environments
The Splunk Attack Range is an open-source project maintained by the Splunk Threat Research Team. It builds instrumented cloud (AWS, Azure) and local environments (Virtualbox), simulates attacks, and forwards the data into a Splunk instance. This environment can then be used to develop and test the effectiveness of detections. -
18
Stacklok Minder
Software Supply Chain Security Platform
Minder by Stacklok is an open source platform that helps development teams and open source communities build more secure software, and prove to others that what they’ve built is secure. Minder helps project owners proactively manage their security posture by providing a set of checks and policies to minimize risk along the software supply chain and attest their security practices to downstream consumers. Minder allows users to enroll repositories and define policies to ensure repositories and artifacts are configured consistently and securely. Policies can be set to alert only or autoremediate. Minder provides a predefined set of rules and can also be configured to apply custom rules. Minder can be deployed as a Helm chart and provides a CLI tool ‘minder’. Minder is designed to be extensible, allowing users to integrate with their existing tooling and processes. -
19
StarHackIt
StarHackIt: React/Native/Node fullstack starter kit
StarHackIt: React/Native/Node full-stack starter kit with authentication and authorization, data backed by SQL, the infrastructure deployed with GruCloud. -
20
Tempesta FW
All-in-one solution for high performance web content delivery
Tempesta FW is an all-in-one open-source solution for high performance web content delivery and advanced protection against DDoS and web attacks. This is a drop-in-replacement for the whole web server frontend infrastructure: an HTTPS load balancer, a web accelerator, a DDoS mitigation system, and a web application firewall (WAF). Tempesta FW is the first and only hybrid of a Web accelerator and a multi-layer firewall. This unique architecture provides seamless integration with the Linux iptables or nftables. Tempesta FW services up to 1.8M HTTP requests per second on the cheapest hardware, which is x3 faster than Nginx or HAProxy. Tempesta TLS is about 40-80% faster than Nginx/OpenSSL and provides up to x4 lower latency. -
21
Tetragon
eBPF-based Security Observability and Runtime Enforcement
Tetragon is a flexible Kubernetes-aware security observability and runtime enforcement tool that applies policy and filtering directly with eBPF, allowing for reduced observation overhead, tracking of any process, and real-time enforcement of policies. Observe the complete lifecycle of every process on your machine with Kubernetes context awareness. Translate high-level policies for file monitoring, network observability, container security, and more into low-overhead eBPF programs. Synchronous monitoring, filtering, and enforcement completely in the kernel with eBPF. -
22
ThinkTs
Based on koa and typeorm,asynchronous non blocking reactive coding
Based on koa and Typeform, asynchronous nonblocking reactive coding, and a real MVC web framework, inspired by [ThinkPHP + Nestjs + FastAPI], it is also the fastest development speed and fastest performance. -
23
UFW Docker
To fix the Docker and UFW security flaw without disabling iptables
UFW is a popular iptables front end on Ubuntu that makes it easy to manage firewall rules. But when Docker is installed, Docker bypasses the UFW rules and the published ports can be accessed from outside. Almost all of these solutions are similar. It requires disabling docker's iptables function first, but this also means that we give up docker's network management function. This causes containers will not be able to access the external network. It is also mentioned in some articles that you can manually add some rules in the UFW configuration file, such as -A POSTROUTING! -o docker0 -s 172.17.0.0/16 -j MASQUERADE. But this only allows containers that belong to network 172.17.0.0/16 can access outside. If we create a new docker network, we must manually add similar iptables rules for the new network. -
24
Wabe
Your backend in minutes not days
Wabe is an open-source backend that allows you to create your own fully customizable backend in just a few minutes. It handles database access, automatic GraphQL API generation, authentication with various methods (classic or OAuth), permissions, security, and more for you. -
25
aws-encryption-sdk
AWS Encryption SDK
The AWS Encryption SDK is a client-side encryption library designed to make it easy for everyone to encrypt and decrypt data using industry standards and best practices. It enables you to focus on the core functionality of your application, rather than on how to best encrypt and decrypt your data. The AWS Encryption SDK is provided free of charge under the Apache 2.0 license. With the AWS Encryption SDK, you define a master key provider (Java and Python) or a keyring (C, C#/.NET, and JavaScript) that determines which wrapping keys you use to protect your data. Then you encrypt and decrypt your data using straightforward methods provided by the AWS Encryption SDK. The AWS Encryption SDK does the rest. Without the AWS Encryption SDK, you might spend more effort on building an encryption solution than on the core functionality of your application.