PHPCoder is a Web-based frontend to the Turck MMCache encoding functions, which are similar to the Zend Encoder product. PHPCoder enables you to encode your PHP scripts and applications into non-reversible bytecode, thus preventing users of your programs from viewing or altering the source code while retaining full functionality. Another excellent use for PHPCoder is to encode your application's PHP configuration files, so that someone viewing your source code does not see your database login and password information. It also allows you to set restrictions on the encoded scripts: you can lock a script to a particular server IP address, server host name, or visitor IP, or even place a time limit on the script so it will expire after a configurable amount of time. You can specify text, HTML, or PHP code that should be prepended and appended to each file before it is encoded, allowing you to easily and securely implement your own licensing scheme.
Ice is a modern alternative to object middleware such as CORBA or COM/DCOM/COM+. It is easy to learn, yet provides a powerful network infrastructure for demanding technical applications. It features an object-oriented specification language, easy to use C++ and Java mappings, a highly efficient protocol (including protocol compression), asynchronous method invocation and dispatch, dynamic transport plug-ins, TCP/IP and UDP/IP support, SSL-based security, a firewall solution, and much more.
Security Management and Risk Tracking (SMART) is a Web-based application to manage an information security program. This is a comprehensive solution that enables a corporation to manage an information security policy, information security policy exception handling, security certification and accreditation (SC&A), third party connection management, asset and vendor management, and issue tracking for different types of projects like security audit, pen testing, SOX, and so on.
Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database logs using the iptables ULOG target.
RedWolf is a security threat simulator that tests security system effectiveness. Its threat generation capabilities include email, IM, malware, P2P, social networking, VoIP, DDoS, and many more. The guiding philosophy is that by generating realistic scenarios in a wide variety of categories, an auditor or organization can assess the effectiveness of network defenses. The scenario suite allows one to verify compliance with PCI-DSS, Sarbanes-Oxley, or HIPAA controls. RedWolf helps identify data loss risks and provides expert recommendations concerning risk mitigation. Its reports present findings, recommendations, best practices, and blocking guidance in a straightforward, easily readable format. RedWolf also acts as a 'Red Team' agent, running drills to measure the readiness of your operations staff.
Lasso (Liberty Alliance Single Sign On) is an implementation of the Liberty Alliance specifications. These specifications define protocols for federated identities, single sign-on, etc. Lasso supports ID-FF 1.2, SAML 2.0, and parts of ID-WSF. It provides both a C library and bindings for several languages (Python, Java, Perl, PHP 4, and PHP 5).
The Enhanced File Crypt/eXtended File Stealth System (EFC/XFSS) makes your uploaded files safe on the server so that no one can read them without knowing a few details to decipher the files. It generates different obfuscated names and encrypted files so no one will know what the original format or name was.
DB_eSession is a feature-packed PHP class that stores session data in a MySQL database rather than files. It is powerful, designed with security in mind, and is easy to utilize. The code contains lots of comments, and it comes with full documentation and examples of how to use the class, including a basic authentication login/logout process. It includes member functions useful (to webmasters) for monitoring or viewing, deleting, and altering session validity, such as locking one or more sessions upon detection of unauthorized use.
Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts that can be used separately or in combination. The first part is a small patch against the PHP core that implements a few low-level protections against buffer overflows or format string vulnerabilities. The second part is a powerful PHP extension that implements all the other protections. Suhosin is binary compatible with plain PHP installations.