Open Source ChromeOS Libraries

The database access library for C++ programmers that provides the illusion of embedding SQL in regular C++ code, staying entirely within the C++ standard.

An authorization library that supports access control models like ACL, RBAC, ABAC for Golang, Java, C/C++, Node.js, Javascript, PHP, Laravel, Python, .NET (C#), Delphi, Rust, Ruby, Swift (Objective-C), Lua (OpenResty), Dart (Flutter) and Elixir. In Casbin, an access control model is abstracted into a CONF file based on the PERM metamodel (Policy, Effect, Request, Matchers). So switching or upgrading the authorization mechanism for a project is just as simple as modifying a configuration. Besides memory and file, Casbin policy can be stored into lots of places. Currently, dozens of databases are supported, from MySQL, Postgres, Oracle to MongoDB, Redis, Cassandra, AWS S3. jCasbin is a powerful and efficient open-source access control library for Java projects. It provides support for enforcing authorization based on various access control models.

Coraza is an open-source, enterprise-grade, high-performance Web Application Firewall (WAF) ready to protect your beloved applications. It is written in Go, supports ModSecurity SecLang rulesets and is 100% compatible with the OWASP Core Rule Set. Coraza is a drop-in alternative to replace the soon-to-be abandoned Trustwave ModSecurity Engine and supports industry-standard SecLang rule sets. Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. CRS protects from many common attack categories including: SQL Injection (SQLi), Cross Site Scripting (XSS), PHP & Java Code Injection, HTTPoxy, Shellshock, Scripting/Scanner/Bot Detection & Metadata & Error Leakages. Coraza is a library at its core, with many integrations to deploy on-premise Web Application Firewall instances.

Infosec Reference is a curated knowledge base and resource repository for information security practitioners. It aggregates cheat sheets, tooling guides, protocol deep dives, incident response playbooks, and threat actor profiles—all organized under accessible categories (network, web, host, cryptography, auditing). The repo is built as a living wiki of sorts: practitioners contribute updates, expand sections, or refine explanations as the threat landscape evolves. Because security spans many domains, Infosec Reference helps consolidate high-value, battle-tested knowledge into one place, reducing the need to scour scattered blogs or notes. It often contains links to external references, example commands, common workflows, and template policies or checklists. For newer security professionals or teams looking to build a shared reference, it serves as a catalog of contextually verified insights, a starting point for training, or a hub for standardized practices.

A library for secure smart contract development. Build on a solid foundation of community-vetted code. OpenZeppelin Contracts uses semantic versioning to communicate backward compatibility of its API and storage layout. To keep your system secure, you should always use the installed code as-is, and neither copy-paste it from online sources nor modify it yourself. The library is designed so that only the contracts and functions you use are deployed, so you don't need to worry about it needlessly increasing gas costs. Reduce the risk of vulnerabilities in your applications by using standard, tested, community-reviewed code.

The security first OAuth2 & OpenID Connect framework for Go. Built simple, powerful, and extensible. This library implements peer-reviewed IETF RFC6749, counterfeits weaknesses covered in peer-reviewed IETF RFC6819 and countermeasures various database attack scenarios, keeping your application safe when that hacker penetrates or leaks your database. OpenID Connect is implemented according to OpenID Connect Core 1.0 incorporating errata set 1 and includes all flows: code, implicit, and hybrid. OAuth2 and OpenID Connect are difficult protocols. If you want quick wins, we strongly encourage you to look at Hydra. Hydra is a secure, high-performance, cloud native OAuth2 and OpenID Connect service that integrates with every authentication method imaginable and is built on top of Fosite.

Composed of a Java steganographic library and GUI to use steganography. Primarily intended for research communities on security and steganography to implement new dissimulation and steganalysis algorithms. More information at www.hidereveal.org

multiOTP is a PHP class, a powerful command line utility and a web interface developed by SysCo systèmes de communication sa in order to provide a completely free and easy operating system independent server side implementation for strong two factors authentication solution. multiOTP supports hardware and software tokens with different One-Time Password algorithms like OATH/HOTP, OATH/TOTP and mOTP (Mobile-OTP). QRcode generation is also embedded in order to support provisioning of Google Authenticator software tokens. SMS code sending is currently implemented for several providers (ASPSMS, Clickatell and IntelliSMS). The data storage of the command line utility is by default flat files based in order to simplify deployment in a few minutes, but MySQL backend is supported too. multiOTP can be easily integrated in RADIUS servers like FreeRADIUS under Linux/Windows or TekRADIUS LT under Windows. multiOTP is also the engine of the credential provider multiOTP Credential Provider.

** Guys I have built a much more powerful Fully Featured CMS system at: https://github.com/MacdonaldRobinson/FlexDotnetCMS Macs CMS is a Flat File ( XML and SQLite ) based AJAX Content Management System. It focuses mainly on the Edit In Place editing concept. It comes with a built in blog with moderation support, user manager section, roles manager section, SEO / SEF URL

Library to encode and decode text or files to base64.

AnLib is a PHP library of useful functions and classes to help you build and deploy PHP applications swiftly and easily.

Java module to create, read and write Password Safe V3 encrypted databases. The package is a mature offspring from project JPasswords and can be used with Java 1.8. There is an API document available.

SilverTunnel-NG is a Java library that implements and encapsulates all the complex network protocol stuff needed for anonymous communication over the Tor anonymity network. SilverTunnel-NG Netlib can be easily integrated in almost every existing and new Java application. The library requires Java 1.6/Java SE 6 or a newer version. This is a fork of silvertunnel (https://silvertunnel.org) Version (0.0.4) is deployed to maven. Since Version 0.0.4 SilverTunnel-NG also runs on Android. YourKit is kindly supporting this open source project with its full-featured Java Profiler. YourKit, LLC is the creator of innovative and intelligent tools for profiling Java and .NET applications. Take a look at YourKit's leading software products: http://www.yourkit.com/ . Automatic Builds and Tests are done with DEV@CloudBees : https://silvertunnel-ng.ci.cloudbees.com/

This class is intended to block the action of spam bots or robots (as Captcha), employing inteligent tactics on human detection. Made on PHP.

Commons-SSH is a thin bridge between different Java SSH implementations libraries. It doesn't contain any crypto-related code and created to be used by projects who doesn't want to care about export control regulations (let client to decide)

This is a JavaScript library which gives the ability to use cryptographic functionality abstracted of available technologies on the browser side. It executes a cryptographic function with the fastest technology including Java, JavaScript and Flash.

Simple OpenID support for Django Framework.

A test framework for penetration testing Java classes and methods with randomized parameters and testing the results.

The Java Object Instance Security Toolkit

Java implementation of MIKEY (Multimedia Internet KEYing, RFC 3830).

The SpotBugs plugin for security audits of Java web applications. Find Security Bugs is the SpotBugs plugin for security audits of Java web applications. It can detect 141 different vulnerability types with over 823 unique API signatures. Cover popular frameworks including Spring-MVC, Struts, Tapestry and many more. Plugins are available for Eclipse, IntelliJ / Android Studio and NetBeans. Command line integration is available with Ant and Maven. Can be used with systems such as Jenkins and SonarQube. Extensive references are given for each bug patterns with references to OWASP Top 10 and CWE.

RainDoll aims to be an implementation of a symmetric-encryption utility for desktop users written in C#/.NET and Windows Forms with two goals: security and simplicity. It uses cryptographic standards for security, and has a smart, compact interface.

The problems of the unsafe C string functions such as the infamous strcpy() and strcat() are well-known, causing buffer overflows and leading to multiple security vulnerabilities. The SSM library is a safe and reliable alternative the old C string library.

A kind of encryption named "simple stream encrypt". The length of plaintext segment or the length of key is not limited, but must greater than zero. The lengths of every plaintext segment in a process don't require equivalency.