Skip to content

Awesome secure by default libraries to help you eliminate bug classes!

Notifications You must be signed in to change notification settings

tldrsec/awesome-secure-defaults

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
 
 

Repository files navigation

awesome-secure-defaults

tl;dr sec Newsletter


Library Description Language(s) Category Metadata
helmetjs/helmet Helmet helps secure Express apps by setting HTTP response headers. NodeJS Headers stars last-commit
github/secure_headers Manages application of security headers with many safe defaults Ruby Headers stars last-commit
arkadiyt/ssrf_filter A ruby gem for defending against Server Side Request Forgery (SSRF) attacks Ruby SSRF stars last-commit
google/tink-crypto A multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse. Java, C++, Go, Python, Obj-C Cryptography stars last-commit
cure53/DOMPurify A DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG JavaScript HTML Sanitizer (XSS prevention) stars last-commit
mozilla/bleach An allowed-list-based HTML sanitizing library that escapes or strips markup and attributes Python HTML Sanitizer (XSS prevention) stars last-commit
pallets/markupsafe Safely add untrusted strings to HTML/XML markup. Python HTML Sanitizer (XSS prevention) stars last-commit
symfony/html-sanitizer Provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a document's DOM. PHP HTML Sanitizer (XSS prevention) stars last-commit
null8626/decancer A tiny package that removes common unicode confusables/homoglyphs from strings. Rust,JavaScript (Node.js/Browser),C/C++,Java,Python (unofficial) Input Sanitization stars last-commit
davisjam/safe-regex Detect possibly catastrophic, exponential-time regular expressions JavaScript Regex stars last-commit
ikkisoft/SerialKiller Look-Ahead Java Deserialization Library Java Deserialization stars last-commit
paragonie/anti-csrf Full-Featured Anti-CSRF Library PHP CSRF stars last-commit
paragonie/constant_time_encoding Character encoding functions that do not leak information about what you are encoding/decoding via processor cache misses PHP Information Leakage stars last-commit
paragonie/halite High-level cryptography interface powered by libsodium PHP Cryptography stars last-commit
paragonie/ionizer Input Filter System for PHP Software PHP Input Filteration stars last-commit
paragonie/password_lock Wraps Bcrypt-SHA2 in Authenticated Encryption PHP Cryptography stars last-commit
jvoisin/snuffleupagus Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest! PHP Misc stars last-commit
BePsvPT/secure-headers PHP Secure Headers PHP Headers stars last-commit
gorilla/csrf Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services 🔒 Golang CSRF stars last-commit
justinas/nosurf CSRF protection middleware for Go. Golang CSRF stars last-commit
sdsdkkk/safe_redirect Keep Rails apps safe from open redirects Ruby on Rails Open Redirect stars last-commit
Shopify/redirect_safely Sanitize redirect_to URLs Ruby Open Redirect stars last-commit
Trendyol/safe-redirect Library which resolves open-redirection vulnerability when we need to make redirection to a path taken from query string. TypeScript Open Redirect stars last-commit
gorilla/securecookie Encodes and decodes authenticated and optionally encrypted cookie values for Go web applications Golang CookieJar stars last-commit
google/safevalues Prevent Cross-Site Scripting vulnerabilities in TypeScript (and JavaScript). It is meant to be used together with tsec to provide strong security guarantees and help you deploy Trusted Types and other CSP restrictions in your applications TypeScript XSS stars last-commit
google/wuffs Parsing, decoding and encoding Untrusted File Formats Safely C File Handling stars last-commit
google/safeopen Safe-by-construction library with file open/create primitives for Golang that are not vulnerable to path traversal attacks Golang Path Traversal stars last-commit
google/safe-active-record A security middleware to defend against SQL injection in Ruby on Rails Active Record. Ruby SQLi stars last-commit
google/safetext Safe-by-construction libraries for producing formats like YAML Golang Injection stars last-commit
google/safehtml Immutable string-like types that wrap web types such as HTML, JavaScript and CSS. These wrappers are safe by construction against XSS and similar web vulnerabilities Golang XSS, etc. stars last-commit
google/securemessage A portable crypto library that exposes a restricted API that is secure by design, for use as a black-box building block in cryptographic protocols C++ Cryptography stars last-commit
google/re2 A fast, safe, thread-friendly alternative to backtracking regular expression engines C++ Regex stars last-commit
google/safearchive Safe-by-construction libraries for processing tar and zip archives, to replace unsafe alternatives like archive/tar and archive/zip that are at risk of path traversal attacks. Besides crafted filename entries in the archive, this library also protects from symbolic link attacks. Golang Zip Handling stars last-commit
google/go-safeweb A collection of libraries for writing secure-by-default HTTP servers in Go. Golang XSS, XSRF stars last-commit
doyensec/safeurl Implements a safeurl.Client wrapper around Go's native net/http.Client and performs validation on the incoming request against the configured allow and block lists. It also implements mitigation for DNS rebinding attacks. Golang SSRF stars last-commit
mustache/mustache Logic-less Ruby templates. Ruby Templating stars last-commit
Shopify/liquid Safe, customer facing template language for flexible web apps. Ruby Templating stars last-commit
handlebars-lang/handlebars.js Minimal templating on steroids. JavaScript Templating stars last-commit
salesforce/handlebars-php A simple, logic-less, yet powerful templating engine for PHP. PHP Templating stars last-commit
huggingface/safetensors This repository implements a new simple format for storing tensors safely (as opposed to pickle) and that is still fast (zero-copy). Python Packing/Unpacking stars last-commit
cloudflare/svg-hush Make arbitrary SVG files as benign and safe to serve as images in other common Web file formats Rust SVG stars last-commit
tiran/defusedxml Python-only workarounds and fixes for denial of service and other vulnerabilities in Python's XML libraries Python XXE stars last-commit
nahsra/antisamy a library for performing fast, configurable cleansing of HTML coming from untrusted sources Java Injection stars last-commit
OWASP/www-project-csrfguard The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens Java CSRF stars last-commit
y-mehta/ssrf-req-filter Module to prevent SSRF when sending requests in NodeJS. Blocks request to local and private IP addresses NodeJS SSRF stars last-commit
segmentio/ui-box's safeHref Allowlists safe protocols and sets rel values TypeScript XSS stars last-commit
vvo/iron-session 🛠 Secure, stateless, and cookie-based session library JavaScript CookieJar stars last-commit
cossacklabs/themis Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms. iOS (Swift, Obj-C), Android (Java, Kotlin), React Native (iOS, Android), desktop Java, С/С++, Node.js, Python, Ruby, PHP, Go, Rust, WASM Cryptography stars last-commit
aws/http-desync-guardian Analyze HTTP requests to minimize risks of HTTP Desync attacks (precursor for HTTP request smuggling/splitting). Rust HTTP Desync stars last-commit
rust-ammonia/ammonia Repair and secure untrusted HTML Rust HTML Sanitizer (XSS prevention) stars last-commit
techgaun/plug_secex Adds various HTTP Headers to make Phoenix/Elixir app more secure Elixir Headers stars last-commit
TypeError/secure Secure 🔒 headers for Python web frameworks Python Headers stars last-commit
unrolled/secure HTTP middleware for Go that facilitates some quick security wins. Golang Multiple stars last-commit
juunas11/aspnetcore-security-headers Middleware for adding security headers to an ASP.NET Core application. .NET Headers stars last-commit
andrewlock/NetEscapades...SecurityHeaders Small package to allow adding security headers to ASP.NET Core websites .NET Headers stars last-commit
GaProgMan/OwaspHeaders.Core A .NET Core middleware for injecting the Owasp recommended HTTP Headers for increased security .NET Headers stars last-commit
mganss/HtmlSanitizer Cleans HTML to avoid XSS attacks .NET HTML Sanitizer (XSS prevention) stars last-commit
Escape/GraphQL-Armor Highly customizable security middleware for various GraphQL server engines. Apollo Server, GraphQL Yoga, GraphQL-Helix, Node.js HTTP, GraphQL-Helix,GraphQL-WS, GraphQL-SSE, Azure Functions, Cloudflare Workers, Google Cloud Functions, Lambda AWS, type-graphql, nexus, express-graphql Multiple stars last-commit
microcosm-cc/bluemonday a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS Golang HTML Sanitizer (XSS prevention) stars last-commit
gradio-app/safehttpx Python library to prevent SSRF through wrapper around httpx.AsyncClient.get() Python SSRF stars last-commit

Infrastructure Security

Library Description Language(s) Category Metadata
HardenedBSD Hardened fork of FreeBSD with extra exploit mitigations and security hardening technologies C, C++, Shell, Other OS / ecosystem stars last-commit
GoogleContainerTools/distroless 🥑 Language focused docker images, minus the operating system. Docker Containers stars last-commit
chainguard-images/images Chainguard Images is a collection of container images designed for minimalism and security. Docker Containers stars last-commit
step-security/harden-runner Network egress filtering and runtime security for GitHub-hosted and self-hosted runners Github Actions CI/CD stars last-commit

Template

| [TKTK](https://github.com/TKTK) | TKTK | TKTK | TKTK |[![stars](https://badgen.net/github/stars/TKTK)](https://badgen.net/github/stars/TKTK) [![last-commit](https://badgen.net/github/last-commit/TKTK)](https://badgen.net/github/last-commit/TKTK) 

References

About

Awesome secure by default libraries to help you eliminate bug classes!

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published