OpenSAML is a portable implementation of the Security Assertion Markup Language (SAML) standard for the formation and exchange of authentication, attribute, and authorization data using XML, as defined by OASIS. There are interfaces for a range of languages, including C++ and Java.
Shibboleth is a standards-based middleware software package providing Web single-sign-on across or within organizational boundaries. It implements standards such as OASIS' SAML to provide a federated single-sign-on and attribute exchange framework. It also provides extended privacy functionality, allowing the browser user and their home site to control the attributes released to each application.
Sleutel is a multi-platform password manager that is written using the Eclipse Rich Client Platform (RCP). Its goal is to manage password/ID pairs for accessing Web sites and to provide an example RCP application. It features configurable password generation, labeling of password entries (a la GMail), an intuitive UI following the Eclipse model, merge capabilities, and the ability to track usage count and dates of password entries. Sleutel is the Dutch word for key.
ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.
GridShib is a glue layer that transparently binds a grid service provider such as the Globus Toolkit to a role-based authentication and access control system such as Shibboleth, so as to provide fine-grained access controls to members of virtual and physical organizations within a grid without having to distribute and synchronize information about individual users between those organizations.
tmin is a quick and simple tool to minimize the size and syntax of complex test cases in automated security testing. It is meant specifically for dealing with unknown or complex data formats (without the need to tokenize and re-serialize testcases), and for easy integration with UI testing harnesses.
Bunny the Fuzzer is a closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. It uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data.