Auth MemCookie is an Apache v2 authentication and authorization module based on a cookie authentication mechanism. The module doesn't do authentication by itself, but verifies if the cookie used for authentication is valid for each URL protected by the module. The module also validates whether the authenticated user has authorization to access the URL. Authentication is done externally through an authentication form page, and all authentication information necessary to the module is a stored in memcached.
Bunny the Fuzzer is a closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. It uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data.
The Enterprise Sign On Engine (ESOE) allows an enterprise to meet its goals for identity management, single sign on, authorization, federation, and accountability for resource access in a very extensible manner. The ESOE is built using the OASIS SAML 2.0 specification, and the ESOE's powerful authorization engine is built around a reduced version of the OASIS XACML 2.0 standard called Lightweight eXtensible Authorization Control Markup Language or "LXACML".
Google Authenticator Demo is an implementation of two-factor authentication using the Google Authenticator that can be used on your own site or application. It allows you to register a user name and then log in using the information provided by the Google Authenticator. It also works with OATH HOTP compliant hardware tokens.
GridShib is a glue layer that transparently binds a grid service provider such as the Globus Toolkit to a role-based authentication and access control system such as Shibboleth, so as to provide fine-grained access controls to members of virtual and physical organizations within a grid without having to distribute and synchronize information about individual users between those organizations.
Jumblar is a tool that converts map coordinates into passwords. It hopes to provide increased user security by assuming that it is easier for people to remember a secret location than a strong password, and that a location that could be anywhere in the world is practically impossible for others to guess. By using this property of secret locations, secure passwords can be generated. SCrypt is used to protect user information.
Keyczar is a cryptographic toolkit designed to make it easier and safer for developers to use cryptography in their applications. It supports authentication and encryption with both symmetric and asymmetric keys. Cryptography is easy to get wrong. Developers can choose improper cipher modes, use obsolete algorithms, compose primitives in an unsafe manner, or fail to anticipate the need for key rotation. Keyczar abstracts some of these details by choosing safe defaults, automatically tagging outputs with key version information, and providing a simple programming interface.
Netscape Security Wrapper manages the loading of NPAPI (Netscape Plugin API) plugins and applies simple policy decisions. The intention is to allow administrators to deploy deprecated, unreliable, or unsafe third party plugins while minimizing the security exposure. Safari, Google Chrome, Firefox, and other NPAPI-compatible browsers are supported on OS X and Linux. Use cases include: restricting plugins to certain domains, restricting the use of deprecated plugins to known outliers, allowing internal corporate workflows which use insecure or deprecated plugins without exposing the plugin to the hostile Internet, and allowing multiple outdated plugin versions (e.g., Java) to co-exist for use in whitelisted, trusted enterprise tools.
OpenSAML is a portable implementation of the Security Assertion Markup Language (SAML) standard for the formation and exchange of authentication, attribute, and authorization data using XML, as defined by OASIS. There are interfaces for a range of languages, including C++ and Java.