# Security and PKI ## Security and PKI * [alienvault.com](https://www.alienvault.com/open-threat-exchange/reputation-monitor)—Uncovers compromised systems in your network * [atomist.com](https://atomist.com/)—A quicker and more convenient way to automate a variety of development tasks. Now in beta. * [Bridgecrew](https://bridgecrew.io/)—Infrastructure as code (IaC) security powered by the open source tool - [Checkov](https://github.com/bridgecrewio/checkov). The core Bridgecrew platform is free for up to 50 IaC resources. * [cloudsploit.com](https://cloudsploit.com/)—Amazon Web Services (AWS) security and compliance auditing and monitoring * [Cmd](https://cmd.com/)—Security platform providing real-time access control and dynamic policy enforcement on every Linux instance in your cloud or datacenter * [CodeNotary.io](https://www.codenotary.io/)—Open Source platform with indelible proof to notarize code, files, directories or container * [crypteron.com](https://www.crypteron.com/)—Cloud-first, developer-friendly security platform prevents data breaches in .NET and Java applications * [CyberChef](https://gchq.github.io/CyberChef/)—A simple, intuitive web app for analysing and decoding/encoding data without having to deal with complex tools or programming languages. Like a swiss army knife of cryptography & encryption. All features are free to use, no limit. Open source, if you wish to self-host. * [DAS](https://signup.styra.com/)—Styra DAS Free, Full lifecycle policy management to create, deploy and manage Open Policy Agent(OPA) authorization * [Datree](https://www.datree.io/)—Open Source CLI tool to prevent Kubernetes misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization’s policies * [Dependabot](https://dependabot.com/) Automated dependency updates for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java (Maven and Gradle), .NET, Go, Elm, Docker, Terraform, Git Submodules and GitHub Actions. * [DJ Checkup](https://djcheckup.com)—Scan your Django site for security flaws with this free, automated, checkup tool. Forked from the Pony Checkup site. * [Doppler](https://doppler.com/)—Universal Secrets Manager for application secrets and config, with support for syncing to various cloud providers. Free for 5 users with basic access controls. * [Dotenv](https://dotenv.org/)—Sync your .env files, quickly & securely. Stop sharing your .env files over insecure channels like Slack and email, and never lose an important .env file again. Free for up to 3 teammates. * [GitGuardian](https://www.gitguardian.com)—Keep secrets out of your source code with automated secrets detection and remediation. Scan your git repos for 350+ types of secrets and sensitive files–Free for individuals and teams of 25 developers or less. * [globalsign.com](https://www.globalsign.com/en/ssl/ssl-open-source/)—Free SSL certificates for Open Source * [Have I been pwned?](https://haveibeenpwned.com)—REST API for fetching the information on the breaches. * [hostedscan.com](https://hostedscan.com)—Online vulnerability scanner for web applications, servers, and networks. 10 free scans per month. * [Internet.nl](https://internet.nl)—Test for modern Internet Standards like IPv6, DNSSEC, HTTPS, DMARC, STARTTLS and DANE * [keychest.net](https://keychest.net) - SSL expiry management and cert purchase with an integrated CT database * [letsencrypt.org](https://letsencrypt.org/)—Free SSL Certificate Authority with certs trusted by all major browsers * [meterian.io](https://www.meterian.io/) - Monitor Java, Javascript, .NET, Scala, Ruby and NodeJS projects for security vulnerabilities in dependencies. Free for one private project, unlimited projects for open source. * [Mozilla Observatory](https://observatory.mozilla.org/)—Find and fix security vulnerabilities in your site. * [opswat.com](https://www.opswat.com/)—Security Monitoring of computers, devices, applications, configurations,…Free 25 users and 30 days history users. * [pyup.io](https://pyup.io)—Monitor Python dependencies for security vulnerabilities and update them automatically. Free for one private project, unlimited projects for open source. * [qualys.com](https://www.qualys.com/community-edition)—Find web app vulnerabilities, audit for OWASP Risks * [reCAPTCHAMe](https://recaptchame.com/)—free reCAPTCHA and hCAPTCHA backend service. No Server-Side coding needed. Works for static websites. * [report-uri.io](https://report-uri.io/)—CSP and HPKP violation reporting * [ringcaptcha.com](https://ringcaptcha.com/)—Tools to use phone number as id, available for free * [seclookup.com](https://seclookup.com/) - Seclookup APIs can enrich domain threat indicators in SIEM, provide comprehensive information on domain names, improve threat detection & response. Get 50K lookups free [here](https://account.seclookup.com/). * [snyk.io](https://snyk.io)—Can find and fix known security vulnerabilities in your open source dependencies. Unlimited tests and remediation for open source projects. Limited to 200 tests/month for your private projects. * [ssllabs.com](https://www.ssllabs.com/ssltest/)—Very deep analysis of the configuration of any SSL web server * [StackHawk](https://www.stackhawk.com/) Automate application scanning throughout your pipeline to find and fix security bugs before they hit production. Unlimited scans and environments for a single app. * [Sucuri SiteCheck](https://sitecheck.sucuri.net) - Free website security check and malware scanner * [Protectumus](https://protectumus.com) - Free website security check, site antivirus and server firewall (WAF) for PHP. Email notifications for registered users in free tier. * [TestTLS.com](https://testtls.com) - Test a SSL/TLS service for secure server configuration, certificates, chains etc. Not limited to HTTPS. * [threatconnect.com](https://threatconnect.com)—Threat intelligence: It is designed for individual researchers, analysts and organizations who are starting to learn about cyber threat intelligence. Free up to 3 Users * [tinfoilsecurity.com](https://www.tinfoilsecurity.com/)—Automated vulnerability scanning. Free plan allows weekly XSS scans * [Ubiq Security](https://ubiqsecurity.com/)—Encrypt and decrypt data with 3 lines of code and automatic key management. Free for 1 application and up to 1,000,000 encryptions per month. * [Virgil Security](https://virgilsecurity.com/)—Tools and services for implementing end-to-end encryption, database protection, IoT security and more in your digital solution. Free for applications with up to 250 users. * [Virushee](https://virushee.com/)—Privacy-oriented file/data scanning powered by hybrid heuristic and AI-assisted engine. Possible to use internal dynamic sandbox analysis. Limited to 50MB per file upload * [Escape GraphQL Quickscan](https://escape.tech/) - One-click security scan of your GraphQL endpoints. Free, no login required. [**⬆ back to top**](#table-of-contents) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://whoisdsmith.gitbook.io/freesources/readme/security-and-pki.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.