writings. blog posts
175deserialize. intentionally vulnerable API
30MalaRIA-Proxy. Proof of concept code (which means poor code quality) for a proxy abusing unrestricted cross domain policies.
23RESTful-Security. My talk from Javazone 2012
9ContentSecurityPolicy.Net. ASP.NET module for easily adding Content Security Policy through web.config. See readme below for syntax
9gofigure. Simple library for animated drawings of arrows, boxes and text in HTML5
8retire-site-scanner. Site-scanner using phantomjs and retire.js
8csp-testing. For testing browser support for Content Security Policy
7containerify. Build node.js docker images without docker
7PoetAndDidntKnowIt. My exploratory code to test padding oracle attacks
5cryptopals.js. Solutions for the matasano crypto challenges in node.js
4helmet.js. Contextually escaped html/js templating
4HashInjection. NoSQL injection - hash injection with rails and mongodb
3HashExtender. Java
3DigipostApi.Net. C#
3WebRebels2012. WebRebels talk and code
3eoftedal.github.com. HTML
2RiskTracker. For tracking risk
2AwesomeXSS. Awesome XSS stuff
2WordRedactor. Command line utility for creating a redacted version of a Word document (.docx) on Mac OS X
2dirlist. File system driver for mounting an nginx or apache directory listing as a local folder
1dependency-track. Dependency-Track is an intelligent Software Composition Analysis (SCA) platform that allows organizations to identify and reduce risk from the use of third-party and open source components.
1CrossDomainAndBrowserSecurity. Presentation
1Attacks-on-web-application-crypto. Presentation
1crypto. HTML
1SafeNuGet. This repo has been moved to https://github.com/OWASP/SafeNuGet
1WhiskWork. REST-based workflow management tool
1HashDosTesterForJava. Test your java app for HashDos
1Digipost-sync. Synker digipost-arkivets opplastede dokumenter mot en lokal katalog
1Sublime-JSHint. Javascript Lint for Sublime Text editor via node.js (JSHint build system and python plugin)
1