Security and PKI

  • alienvault.com—Uncovers compromised systems in your network

  • atomist.com—A quicker and more convenient way to automate a variety of development tasks. Now in beta.

  • Bridgecrew—Infrastructure as code (IaC) security powered by the open source tool - Checkov. The core Bridgecrew platform is free for up to 50 IaC resources.

  • cloudsploit.com—Amazon Web Services (AWS) security and compliance auditing and monitoring

  • Cmd—Security platform providing real-time access control and dynamic policy enforcement on every Linux instance in your cloud or datacenter

  • CodeNotary.io—Open Source platform with indelible proof to notarize code, files, directories or containers

  • crypteron.com—Cloud-first, developer-friendly security platform prevents data breaches in .NET and Java applications

  • CyberChef—A simple, intuitive web app for analysing and decoding/encoding data without having to deal with complex tools or programming languages. Like a swiss army knife of cryptography & encryption. All features are free to use, no limit. Open source, if you wish to self-host.

  • DAS—Styra DAS Free, full lifecycle policy management to create, deploy and manage Open Policy Agent (OPA) authorization

  • Datree—Open Source CLI tool to prevent Kubernetes misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization’s policies

  • Dependabot—Automated dependency updates for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java (Maven and Gradle), .NET, Go, Elm, Docker, Terraform, Git Submodules and GitHub Actions.

  • DJ Checkup—Scan your Django site for security flaws with this free, automated, checkup tool. Forked from the Pony Checkup site.

  • Doppler—Universal Secrets Manager for application secrets and config, with support for syncing to various cloud providers. Free for 5 users with basic access controls.

  • Dotenv—Sync your .env files, quickly & securely. Stop sharing your .env files over insecure channels like Slack and email, and never lose an important .env file again. Free for up to 3 teammates.

  • GitGuardian—Keep secrets out of your source code with automated secrets detection and remediation. Scan your git repos for 350+ types of secrets and sensitive files. Free for individuals and teams of 25 developers or fewer.

  • globalsign.com—Free SSL certificates for Open Source

  • Have I been pwned?—REST API for fetching the information on the breaches.

  • hostedscan.com—Online vulnerability scanner for web applications, servers, and networks. 10 free scans per month.

  • Internet.nl—Test for modern Internet Standards like IPv6, DNSSEC, HTTPS, DMARC, STARTTLS and DANE

  • keychest.net - SSL expiry management and cert purchase with an integrated CT database

  • letsencrypt.org—Free SSL Certificate Authority with certs trusted by all major browsers

  • meterian.io - Monitor Java, JavaScript, .NET, Scala, Ruby and NodeJS projects for security vulnerabilities in dependencies. Free for one private project, unlimited projects for open source.

  • Mozilla Observatory—Find and fix security vulnerabilities in your site.

  • opswat.com—Security monitoring of computers, devices, applications, configurations, … Free for 25 users with 30 days of history.

  • pyup.io—Monitor Python dependencies for security vulnerabilities and update them automatically. Free for one private project, unlimited projects for open source.

  • qualys.com—Find web app vulnerabilities, audit for OWASP Risks

  • reCAPTCHAMe—Free reCAPTCHA and hCAPTCHA backend service. No server-side coding needed. Works for static websites.

  • report-uri.io—CSP and HPKP violation reporting

  • ringcaptcha.com—Tools to use phone number as id, available for free

  • seclookup.com - Seclookup APIs can enrich domain threat indicators in SIEM, provide comprehensive information on domain names, improve threat detection & response. Get 50K lookups free here.

  • snyk.io—Can find and fix known security vulnerabilities in your open source dependencies. Unlimited tests and remediation for open source projects. Limited to 200 tests/month for your private projects.

  • ssllabs.com—Very deep analysis of the configuration of any SSL web server

  • StackHawk—Automate application scanning throughout your pipeline to find and fix security bugs before they hit production. Unlimited scans and environments for a single app.

  • Sucuri SiteCheck - Free website security check and malware scanner

  • Protectumus - Free website security check, site antivirus and server firewall (WAF) for PHP. Email notifications for registered users in free tier.

  • TestTLS.com - Test an SSL/TLS service for secure server configuration, certificates, chains etc. Not limited to HTTPS.

  • threatconnect.com—Threat intelligence designed for individual researchers, analysts and organizations who are starting to learn about cyber threat intelligence. Free for up to 3 users.

  • tinfoilsecurity.com—Automated vulnerability scanning. Free plan allows weekly XSS scans

  • Ubiq Security—Encrypt and decrypt data with 3 lines of code and automatic key management. Free for 1 application and up to 1,000,000 encryptions per month.

  • Virgil Security—Tools and services for implementing end-to-end encryption, database protection, IoT security and more in your digital solution. Free for applications with up to 250 users.

  • Virushee—Privacy-oriented file/data scanning powered by hybrid heuristic and AI-assisted engine. Possible to use internal dynamic sandbox analysis. Limited to 50MB per file upload

  • Escape GraphQL Quickscan - One-click security scan of your GraphQL endpoints. Free, no login required.
