Security and PKI
Security and PKI
alienvault.com—Uncovers compromised systems in your network
atomist.com—A quicker and more convenient way to automate a variety of development tasks. Now in beta.
Bridgecrew—Infrastructure as code (IaC) security powered by the open source tool - Checkov. The core Bridgecrew platform is free for up to 50 IaC resources.
cloudsploit.com—Amazon Web Services (AWS) security and compliance auditing and monitoring
Cmd—Security platform providing real-time access control and dynamic policy enforcement on every Linux instance in your cloud or datacenter
CodeNotary.io—Open Source platform with indelible proof to notarize code, files, directories or container
crypteron.com—Cloud-first, developer-friendly security platform prevents data breaches in .NET and Java applications
CyberChef—A simple, intuitive web app for analysing and decoding/encoding data without having to deal with complex tools or programming languages. Like a swiss army knife of cryptography & encryption. All features are free to use, no limit. Open source, if you wish to self-host.
DAS—Styra DAS Free, Full lifecycle policy management to create, deploy and manage Open Policy Agent(OPA) authorization
Datree—Open Source CLI tool to prevent Kubernetes misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization’s policies
Dependabot Automated dependency updates for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java (Maven and Gradle), .NET, Go, Elm, Docker, Terraform, Git Submodules and GitHub Actions.
DJ Checkup—Scan your Django site for security flaws with this free, automated, checkup tool. Forked from the Pony Checkup site.
Doppler—Universal Secrets Manager for application secrets and config, with support for syncing to various cloud providers. Free for 5 users with basic access controls.
Dotenv—Sync your .env files, quickly & securely. Stop sharing your .env files over insecure channels like Slack and email, and never lose an important .env file again. Free for up to 3 teammates.
GitGuardian—Keep secrets out of your source code with automated secrets detection and remediation. Scan your git repos for 350+ types of secrets and sensitive files–Free for individuals and teams of 25 developers or less.
globalsign.com—Free SSL certificates for Open Source
Have I been pwned?—REST API for fetching the information on the breaches.
hostedscan.com—Online vulnerability scanner for web applications, servers, and networks. 10 free scans per month.
Internet.nl—Test for modern Internet Standards like IPv6, DNSSEC, HTTPS, DMARC, STARTTLS and DANE
keychest.net - SSL expiry management and cert purchase with an integrated CT database
letsencrypt.org—Free SSL Certificate Authority with certs trusted by all major browsers
meterian.io - Monitor Java, Javascript, .NET, Scala, Ruby and NodeJS projects for security vulnerabilities in dependencies. Free for one private project, unlimited projects for open source.
Mozilla Observatory—Find and fix security vulnerabilities in your site.
opswat.com—Security Monitoring of computers, devices, applications, configurations,…Free 25 users and 30 days history users.
pyup.io—Monitor Python dependencies for security vulnerabilities and update them automatically. Free for one private project, unlimited projects for open source.
qualys.com—Find web app vulnerabilities, audit for OWASP Risks
reCAPTCHAMe—free reCAPTCHA and hCAPTCHA backend service. No Server-Side coding needed. Works for static websites.
report-uri.io—CSP and HPKP violation reporting
ringcaptcha.com—Tools to use phone number as id, available for free
seclookup.com - Seclookup APIs can enrich domain threat indicators in SIEM, provide comprehensive information on domain names, improve threat detection & response. Get 50K lookups free here.
snyk.io—Can find and fix known security vulnerabilities in your open source dependencies. Unlimited tests and remediation for open source projects. Limited to 200 tests/month for your private projects.
ssllabs.com—Very deep analysis of the configuration of any SSL web server
StackHawk Automate application scanning throughout your pipeline to find and fix security bugs before they hit production. Unlimited scans and environments for a single app.
Sucuri SiteCheck - Free website security check and malware scanner
Protectumus - Free website security check, site antivirus and server firewall (WAF) for PHP. Email notifications for registered users in free tier.
TestTLS.com - Test a SSL/TLS service for secure server configuration, certificates, chains etc. Not limited to HTTPS.
threatconnect.com—Threat intelligence: It is designed for individual researchers, analysts and organizations who are starting to learn about cyber threat intelligence. Free up to 3 Users
tinfoilsecurity.com—Automated vulnerability scanning. Free plan allows weekly XSS scans
Ubiq Security—Encrypt and decrypt data with 3 lines of code and automatic key management. Free for 1 application and up to 1,000,000 encryptions per month.
Virgil Security—Tools and services for implementing end-to-end encryption, database protection, IoT security and more in your digital solution. Free for applications with up to 250 users.
Virushee—Privacy-oriented file/data scanning powered by hybrid heuristic and AI-assisted engine. Possible to use internal dynamic sandbox analysis. Limited to 50MB per file upload
Escape GraphQL Quickscan - One-click security scan of your GraphQL endpoints. Free, no login required.
Last updated