Security News

The OpenSSF community has developed open-source security tools and projects, aiming to make security the default and promote a collaborative effort to strengthen the security posture of open-source ecosystems. OpenSSF is working to combat that challenge by establishing a security baseline for open-source projects and aims to propagate it across the Linux Foundation.

In this Help Net Security video, Itamar Sher, CEO of Seal Security, discusses how AI affects the risk and operational aspects of managing vulnerabilities in open-source software. One of the core issues around open-source vulnerability patch management has been the coupling between security patches and other code changes.

Pktstat is an open-source tool that is a straightforward alternative to ncurses-based Pktstat. On Linux, it utilizes AF PACKET, while on other platforms, it employs generic PCAP live wire capture.

ReNgine is an open-source automated reconnaissance framework for web applications that focuses on a highly configurable and streamlined recon process. ReNgine was developed to overcome the constraints of conventional reconnaissance tools.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Tracecat is an open-source automation platform for security teams. The developers believe security automation should be accessible to everyone, especially understaffed small- to mid-sized teams.

Please turn on your JavaScript for this page to function normally. Prompt Fuzzer is an open-source tool that evaluates the security of your GenAI application's system prompt against dynamic LLM-based threats.

LSA Whisperer consists of open-source tools designed to interact with authentication packages through their unique messaging protocols. "Many authentication packages generally support their internal APIs, known as package calls, and relatively few are documented or used outside of Microsoft. I wanted to document as many of these calls as possible and implement a tool for interacting with them so we could identify which would provide value for red team assessments," Evan McBroom, Senior Software Engineer at SpecterOps, told Help Net Security.

Cloud Console Cartographer is an open-source tool that maps noisy log activity into highly consolidated, succinct events to help security practitioners cut through the noise and understand console behavior in their environment. "Infrastructure as code has replaced a lot of the need for console access for many organizations, but there are still plenty of instances where the console is still being used, and in some cases, you need to use the AWS console to perform certain actions. Cloud Console Cartographer cuts through the noise generated in logs by those console sessions," Daniel Bohannon, Permiso's Principal Threat Researcher, told Help Net Security.

Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communities, to read and generate Software Bill of Materials, file data, and translate this data across standard industry SBOM formats. The key to strengthening software security and software supply chain risk management is an SBOM, which is a nested, formatted inventory that lists the software's components, including the supply chain relationships of various open-source and commercial components used in building software.