phpSecurePages is a PHP module to secure pages with a login name and password. It can handle multiple user groups (each with their own viewing rights), store data in a MySQL database or a configuration file, and be used to identify your Web site viewers. It also has multiple language support and optional IP-based access restrictions.
Expresso Framework is an open standards-based J2EE architectural framework that allows the developer to concentrate on application logic. It is a library of extensible Java Server application framework components for creating database-driven Web applications based on open standards. Expresso integrates with Apache Jakarta Struts, which emphasizes presentation and application configuration and brings a powerful tag library to Expresso. Expresso adds capabilities for security, robust object-relational mapping, background job handling and scheduling, self-tests, logging integration, automated table manipulation, database connection pooling, email connectivity, event notification, error handling, caching, internationalization, XML automation, testing, registration objects, configuration management, workflow, automatic database maintenance, and a JSP tag library.
WebAbility is an advanced Web development platform that contains WebFlow, a content management system (CMS), a security advanced system (SAS), a powerful workflow engine, and Web site wrappers. It supports multiple database connections, multiple languages, multiple presentation templates, page, script, and library versioning, XML and Web Services integration, and advanced security management. It uses plugins to extend the software for tasks such as e-commerce, portals, intranets, and editorial systems.
htmLawed is a PHP script that makes input text more secure, HTML standards-compliant, and suitable in general from the viewpoint of a Web-page administrator, for use in the body of HTML 4 or XHTML 1 or 1.1 documents. It is a customizable HTML/XHTML filter, processor, purifier, and sanitizer. It can ensure that HTML tags are balanced and properly nested, neutralize code that may be used for cross-site scripting (XSS) attacks, and limit the allowed HTML elements, tags, attributes, or URL protocols.
PHPCoder is a Web-based frontend to the Turck MMCache encoding functions, which are similar to the Zend Encoder product. PHPCoder enables you to encode your PHP scripts and applications into non-reversible bytecode, thus preventing users of your programs from viewing or altering the source code while retaining full functionality. Another excellent use for PHPCoder is to encode your application's PHP configuration files, so that someone viewing your source code does not see your database login and password information. It also allows you to set restrictions on the encoded scripts: you can lock a script to a particular server IP address, server host name, or visitor IP, or even place a time limit on the script so that it expires after a configurable amount of time. You specify text, HTML, or PHP code that should be prepended and appended to each file before it is encoded, allowing you to easily and securely implement your own licensing scheme.
BEJY is a modular server application. It is packaged, by default, as a Web application container and mail server with SSL. It has functionality similar to inetd, and has some helper classes/functions to ease the implementation of new protocols. It provides a generic multithreaded TCP/IP server implementation with optional SSL support, covering the complete connection and thread management. Each supported service provides its protocol implementation. The current version comes with HTTP, SMTP, POP3, and IMAP protocol implementations. The HTTP protocol implementation also contains a servlet engine, a JSP 1.2 engine, a handler to invoke CGI, and other useful things. The mail protocols require a database using JDBC, such as MySQL, MSSQL, and others.
Care2x (formerly Care 2002) is software for hospitals and health care organizations. It is designed to integrate the different information systems existing in these organizations into a single efficient system. It solves the problems inherent in a network of multiple programs that are incompatible with each other. It can integrate almost any type of services, systems, departments, clinics, processes, data, or communication that exist in a hospital. Its design can even handle non-medical services or functions like security or maintenance. All of its functions can be accessed with a Web browser, and all program modules are processed on the server side.
phpSecureSite is a modular authentication, session handling and security system for Web applications that was built using PHP. It features a stripped-down core that takes care of basic session handling, and modules for other functionality like brute force protection, session variables, and access control lists.
SQLIer takes a URL vulnerable to SQL injection attacks and attempts to determine all of the necessary information to build and exploit an SQL injection hole by itself. It requires no user interaction unless it can't guess the table/field names correctly. By doing so, it can build a UNION SELECT query designed to brute force passwords out of the database. It does not use quotes in the exploit, meaning it will work for a wider range of sites. An 8 character password (containing any character from decimal ASCII code 1-127) takes approximately one minute to crack.
phpass is a portable password hashing framework for use in PHP applications. The preferred (most secure) hashing method supported by phpass is the OpenBSD-style bcrypt (known in PHP as CRYPT_BLOWFISH), with a fallback to BSDI-style extended DES-based hashes (known in PHP as CRYPT_EXT_DES), and a last resort fallback to an MD5-based variable iteration count password hashing method implemented in phpass itself.