Secure PHP HTML parser and filter is a PHP package that can be used to parse and filter out insecure HTML tags and CSS styles. It comes with a general purpose markup parser class that can parse any type of markup documents similar to HTML, XML, and DTD files. It also includes several other classes that can be chained together to retrieve the document token elements returned by the main markup parser class and filter the document elements in a useful way. The markup validator filter class validates a document against a DTD, eventually removing invalid tags and attributes. The safe HTML filter class uses several white lists to process HTML tags and data returned by the markup validator class and discards potentially harmful HTML tags and CSS that could be used to perform cross-site scripting (XSS) or cross-site request forgery (CSRF) security attacks. The filtered HTML tokens can be reassembled to return a well-formed and secure HTML document. The HTML links filter class can extract the links contained in an HTML document. The DTD parser and CSS parser are utility classes used by the other classes.
allowHTML is a PHP class that can be used to filter insecure HTML by following OWASP AntiSamy rules. It can parse HTML documents using DOM document objects and then remove unsafe tags, attributes, and CSS parameters. It uses a configurable whitelist to determine which tags, attributes, and CSS style parameters are allowed. The class may also apply filtering rules defined in a separate AntiSamy XML rules file.
StopHack is a simple to use and easy to install intrusion prevention system. It is fully adaptable and easily customized to your environment. It is built on top of proven bandwidth arbitration technology so the traffic passing through it won't be slowed down. Every packet is analyzed with regular expression-based behavior anomaly detection, and hackers are blocked immediately. It prevents reflected cross-site scripting, SQL injection, directory traversal, reflected URL redirects, login brute forcing, remote shell execution, and more.
Vega is a GUI-based, multi-platform Web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your Web applications. It also includes an intercepting/scanning proxy for interactive Web application debugging and fuzzing.