A collection of preventions against vulnerabilities in software.
All software has bugs. Some "bugs" are exploitable in ways that can cause great havoc with the data they process or with other systems they interact with. This is an attempt to make a concise listing of strategies and libraries that limit the range of vulnerabilities in software. Many techniques have been discovered over the years, and many countermeasures are available as open source.
- Assumption Checking
- Brute Force Attacks
- Denial of Service Attacks
- Error Bounds Attacks
- Failed Crypto
- Firewalls
- Intrusion Detection
- Injection Attacks
- Malformed / Missing Authentication
- Overflow / Underflow Attacks
- Parsing Data
- Phishing Attacks
- Physical Compromise
- Privilege Escalation
- Race Conditions
- Relay Attacks
- Replay Attacks
- Session Hijacking
- Scanners
- Sloppy Practices
- Spoofing Attacks
- Social Engineering
- Timing Attacks
- Tracking
- Check out via GitHub
- Create a branch and submit a Pull Request
This project was originally inspired by fuzzdb (now on GitHub)! I'm in the process of setting up a much better table of contributions and their specific per-contribution licensing.
Most contributions are distilled down to the following licenses.
- Code: http://opensource.org/licenses/BSD-3-Clause
- Content: https://creativecommons.org/licenses/by/3.0/
- Adam Muntner
- Adam Shannon
Notable sources and other contributors: (From original fuzzdb)
- metasploit wmap http://www.metasploit.com/redmine/projects/framework/wiki/WMAP
- dirb http://www.open-labs.org/
- jbrofuzz http://www.owasp.org/index.php/Category:OWASP_JBroFuzz
- skipfish http://code.google.com/p/skipfish/
- rsnake's xss and rfi files http://ha.ckers.org/
- michael daw's web shell archive http://michaeldaw.org/
- joseph giron (joseph.giron13 (at) gmail.com)
- ron gutierrez - html tags and javascript events
- analysis of default app installs
- lists already submitted to OWASP Fuzzing Code DB by Wagner Elias, Eduardo Neves, Ulisses Castro, Adam Muntner http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=News