HTTP Security libraries allow you to set HTTP headers on your API requests that help make your app more secure. These headers include things like CORS and authentication tokens.
You can also use them to detect things like CSRF attacks.
The Helmet module provides a handy utility that allows you to protect your Express apps from many common security problems. It automatically configures many of the common HTTP headers that are important for securing Express apps.
Go-http-tunnel is a Go package that provides a middleware for transparently tunneling and/or proxying arbitrary TCP connections over HTTP. It is most commonly used to tunnel SSH connections, but can be used to create arbitrary tunnels between your network and the public internet.
Many developers depend on the following open source HTTP Security libraries:
helmet:
- Adds extra protection to websites by securing HTTP headers.
- Shields against common web vulnerabilities.
- Makes it easy to set up security-related HTTP headers.
helmet by helmetjs
Help secure Express apps with various HTTP headers
TypeScript 9575 Version: Current License: Permissive (MIT)
st2:
- Automates security tasks and coordinates with various security tools.
- Enables automatic responses to security incidents.
- Enhances overall security by streamlining processes.
st2 by StackStorm
StackStorm (aka "IFTTT for Ops") is event-driven automation for auto-remediation, incident responses, troubleshooting, deployments, and more for DevOps and SREs. Includes rules engine, workflow, 160 integration packs with 6000+ actions (see https://exchange.stackstorm.org) and ChatOps. Installer at https://docs.stackstorm.com/install/index.html
Python 5524 Version: v3.8.0 License: Permissive (Apache-2.0)
hetty:
- Acts as a proxy for analyzing and securing HTTP/HTTPS traffic.
- Automatically detects and reports vulnerabilities.
- Provides a user-friendly web interface for interactive inspection.
Responder:
- Fast API framework for Python.
- Automatically validates and serializes data.
- Supports modular design through dependency injection.
Responder by SpiderLabs
Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
Python 4118 Version: Current License: Strong Copyleft (GPL-3.0)
kore:
- Asynchronous web framework designed for efficient handling of concurrent connections.
- Built-in support for web technologies like HTTP/2 and WebSockets.
- Facilitates high-performance web applications.
kore by jorisvink
An easy to use, scalable and secure web application framework for writing web APIs in C or Python. || This is a read-only mirror, please see https://kore.io/mail and https://kore.io/source for information on how to contribute via the mailing lists.
C 3562 Version: 4.0.0 License: Permissive (ISC)
go-http-tunnel:
- Provides secure and encrypted tunneling for HTTP traffic.
- Allows bypassing network restrictions for improved accessibility.
- Lightweight implementation in Go ensures efficiency.
go-http-tunnel by mmatczuk
Fast and secure tunnels over HTTP/2
Go 3068 Version: 2.1 License: Strong Copyleft (AGPL-3.0)
secure:
- Collection of utility functions for security-related tasks.
- Simplifies encryption, hashing, and secure password handling.
- Provides essential tools for maintaining a secure application.
secure by unrolled
HTTP middleware for Go that facilitates some quick security wins.
Go 2113 Version: v1.13.0 License: Permissive (MIT)
Meteor-Files:
- Meteor package designed for secure handling of files.
- Simplifies secure file uploads for web applications.
- Supports server-side file processing, enhancing flexibility.
Meteor-Files by veliovgroup
🚀 Upload files via DDP or HTTP to ☄️ Meteor server FS, AWS, GridFS, DropBox or Google Drive. Fast, secure and robust.
JavaScript 1096 Version: 2.3.3 License: Permissive (BSD-3-Clause)
FAQ
1. Why should I use Helmet in my web application?
Helmet is essential for enhancing your web application’s security by
- automatically setting HTTP headers,
- mitigating common vulnerabilities and
- simplifying the implementation of security-related headers.
2. What is st2, and how can it benefit my organization’s security practices?
st2 is a powerful security automation and orchestration platform. It integrates with various security tools. This allows for automated incident response and improved overall security posture.
3. How does Hetty contribute to web security analysis?
Hetty serves as an HTTP/HTTPS proxy designed for security analysis. It offers automated vulnerability detection and a web-based interface for interactive inspection.
4. What sets Responder apart as a Python API framework?
Responder stands out with its fast performance, automatic data validation, and serialization. It also supports dependency injection, promoting a modular design for building robust APIs.
5. Why consider using go-http-tunnel for HTTP traffic?
go-http-tunnel provides secure and encrypted tunneling, enabling the bypassing of network restrictions. Its lightweight Go implementation ensures efficient, secure HTTP traffic handling.