IAM
User accounts, authentication and authorization.
Security
Account Management
User login, user registration, 2FA and profile management.
Automatically secures secrets used by privileged users and machine identities.
Open-source project for login and session management which supports passwordless, social login, email and phone logins.
Modern PHP user login and management framework.
Privacy
A collection of scientific studies of schemes providing privacy by design.
As the world becomes increasingly connected, the email marketing regulation landscape becomes more and more complex.
Cryptography
Zero-trust Network
Identity & Access Proxy and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP requests. Inspired by the BeyondCorp / Zero Trust white paper.
BeyondCorp-inspired Access Proxy server.
An identity-aware proxy that enables secure access to internal applications.
A cloud-native, identity-aware proxy and policy enforcement point that orchestrates authentication and authorization systems via versatile rules, supporting protocol-agnostic identity propagation.
Password-based auth
Multi-factor auth
Password-less auth
Security key
Open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
Guide to using YubiKey as a SmartCard for storing GPG encryption, signing and authentication keys, which can also be used for SSH. Many of the principles in this document are applicable to other smart card devices.
Public-Key Infrastructure (PKI)
Acts as a broker between CAs and environments, providing a central portal for developers to issue TLS certificates with 'sane' defaults.
A Swiss Army knife for PKI/TLS by CloudFlare. Command-line tool and an HTTP API server for signing, verifying, and bundling TLS certificates.
A suite of network fingerprinting methods to facilitate threat-hunting and analysis.
Authorization
RBAC frameworks
Set of services and libraries supporting service authentication and role-based authorization for provisioning and configuration.
An authorization endpoint to write context-aware access control policies.
Self-hosted, open-source, RBAC system written in Rust.
ABAC frameworks
Policy decision point. It uses a set of access control policies, similar to AWS policies, in order to determine whether a subject is authorized to perform a certain action on a resource.
Access control library, inspired by AWS.
Open-source access control library for Golang projects.
An open-source general-purpose decision engine to create and enforce ABAC policies.
ReBAC frameworks
An open source database system for managing security-critical application permissions inspired by Zanzibar.
Another open-source authorization-as-a-service inspired by Google Zanzibar; the project also publishes a comparison with other Zanzibar-inspired tools.
An open-source project which combines the policy-as-code and decision logging of OPA with a Zanzibar-modeled directory.
Open Source administration layer for OPA, detecting changes to both policy and policy data in realtime and pushing live updates to OPA agents. OPAL brings open-policy up to the speed needed by live applications.
A relationship based access control (ReBAC) engine (inspired by Google Zanzibar) also capable of enforcing any authorization paradigm, including RBAC and ABAC.
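The entries above all build on the same Zanzibar idea: permissions are relation tuples of the form object#relation@subject, where a subject can itself be a userset (group:eng#member), and a namespace config rewrites relations (owner implies editor implies viewer; a viewer of the parent folder is a viewer of the document). The following is an added example, not the code of any project listed here: a minimal in-memory checker over constructed tuples and a constructed toy schema, showing direct grants, userset expansion, union rewrites and parent inheritance.

```python
"""Minimal Zanzibar-style relationship-based access check (added example).

Not the code of any listed project. Tuple syntax follows the Zanzibar paper;
TUPLES and SCHEMA are constructed for illustration.
"""
from typing import Dict, List, Optional, Set, Tuple

# Constructed relation tuples. A subject is a plain user ("user:alice") or a
# userset ("group:eng#member"), which expands to every member of that group.
TUPLES = [
    "doc:readme#owner@user:alice",
    "doc:readme#viewer@group:eng#member",
    "group:eng#member@user:bob",
    "group:eng#member@group:contractors#member",
    "group:contractors#member@user:carol",
    "doc:readme#parent@folder:root",
    "folder:root#viewer@user:dave",
]

# Constructed userset-rewrite rules per namespace and relation:
#   "union":    relations on the same object that imply this one
#   "tupleset": (linking relation, relation on the linked object), e.g. a
#               viewer of the parent folder is a viewer of the document
SCHEMA: Dict[str, Dict[str, Dict[str, list]]] = {
    "doc": {
        "owner": {},
        "editor": {"union": ["owner"]},
        "viewer": {"union": ["editor"], "tupleset": [("parent", "viewer")]},
        "parent": {},
    },
    "folder": {"viewer": {}},
    "group": {"member": {}},
}

Index = Dict[Tuple[str, str], Set[str]]


def parse_tuple(t: str) -> Tuple[str, str, str]:
    """'doc:readme#viewer@group:eng#member' -> ('doc:readme', 'viewer', 'group:eng#member')."""
    obj_rel, subject = t.split("@", 1)
    obj, rel = obj_rel.split("#", 1)
    return obj, rel, subject


def build_index(tuples: List[str]) -> Index:
    """Group subjects by (object, relation) for O(1) lookup of direct grants."""
    idx: Index = {}
    for t in tuples:
        obj, rel, subject = parse_tuple(t)
        idx.setdefault((obj, rel), set()).add(subject)
    return idx


def check(idx: Index, obj: str, rel: str, user: str,
          seen: Optional[Set[Tuple[str, str]]] = None) -> bool:
    """Does `user` hold `rel` on `obj`: directly, via a userset, or via rewrites?

    This is a depth-first reachability search over (object, relation) nodes;
    `seen` guards against cyclic group memberships.
    """
    seen = seen if seen is not None else set()
    if (obj, rel) in seen:
        return False
    seen.add((obj, rel))
    subjects = idx.get((obj, rel), set())
    if user in subjects:                      # direct grant
        return True
    for s in subjects:                        # expand usersets such as group:eng#member
        if "#" in s:
            s_obj, s_rel = s.split("#", 1)
            if check(idx, s_obj, s_rel, user, seen):
                return True
    rules = SCHEMA.get(obj.split(":", 1)[0], {}).get(rel, {})
    for implied_by in rules.get("union", []):  # owner => editor => viewer
        if check(idx, obj, implied_by, user, seen):
            return True
    for link_rel, target_rel in rules.get("tupleset", []):  # inherit from parent
        for linked in idx.get((obj, link_rel), set()):
            if check(idx, linked, target_rel, user, seen):
                return True
    return False


INDEX = build_index(TUPLES)

if __name__ == "__main__":
    for who in ("user:alice", "user:bob", "user:carol", "user:dave", "user:eve"):
        print(who, "viewer of doc:readme:", check(INDEX, "doc:readme", "viewer", who))
```

Production engines add what this toy omits: a consistency token (Zanzibar's "zookie") so a check never reads stale tuples, a depth limit on expansion, and a reverse index to answer "who can view this document" rather than only "can this user view it".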
AWS policy tools
Writing security-conscious IAM Policies by hand can be very tedious and inefficient. Policy Sentry helps users to create least-privilege policies in a matter of seconds.
AWS IAM policy statement generator with fluent interface. Helps with creating type safe IAM policies and writing more restrictive/secure statements by offering conditions and ARN generation via IntelliSense. Available for Node.js, Python, .Net and Java.
GitOps for IAM. The Terraform of Cloud IAM. IAMbic is a multi-cloud identity and access management (IAM) control plane that centralizes and simplifies cloud access and permissions. It maintains an eventually consistent, human-readable, bi-directional representation of IAM in version control.
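What these tools automate is the review a human would otherwise do by hand on every Allow statement: is the action a wildcard, is the resource "*" where the action supports resource-level permissions, is iam:PassRole constrained to a service. The following added example (not the code of Policy Sentry, IAM Floyd or IAMbic) lints a constructed policy document for those patterns; the NO_RESOURCE_LEVEL set is a constructed subset of the actions AWS only evaluates against Resource "*".

```python
"""Lint an IAM policy document for common over-broad grants (added example).

Not the code of any listed tool. POLICY_JSON and NO_RESOURCE_LEVEL are
constructed for illustration.
"""
import json
from typing import Any, Dict, List

# Actions that AWS only evaluates against Resource "*" (no resource-level
# permissions). Constructed subset; the real list is per-service and longer.
NO_RESOURCE_LEVEL = {"s3:ListAllMyBuckets", "ec2:DescribeInstances", "iam:ListRoles"}

# Constructed sample policy: one scoped statement and three problematic ones.
POLICY_JSON = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "TooBroad", "Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Sid": "ListOnly", "Effect": "Allow", "Action": ["s3:ListAllMyBuckets"],
     "Resource": "*"},
    {"Sid": "PassAnyRole", "Effect": "Allow", "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::123456789012:role/app-*"},
    {"Sid": "Scoped", "Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::my-bucket/*",
     "Condition": {"Bool": {"aws:SecureTransport": "true"}}}
  ]
}
"""


def as_list(v: Any) -> List[Any]:
    """IAM allows a string or a list in Action/Resource/Statement; normalise to a list."""
    if v is None:
        return []
    return v if isinstance(v, list) else [v]


def lint_policy(policy: Dict[str, Any]) -> List[str]:
    """Return human-readable findings for each over-broad Allow statement."""
    findings: List[str] = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        sid = stmt.get("Sid", f"Statement[{i}]")
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt:
            findings.append(f"{sid}: Allow with NotAction grants every action except the listed ones")
        if "NotResource" in stmt:
            findings.append(f"{sid}: Allow with NotResource grants every resource except the listed ones")
        actions = as_list(stmt.get("Action"))
        resources = as_list(stmt.get("Resource"))
        for a in actions:
            if "*" in a:
                findings.append(f"{sid}: wildcard action {a!r}")
        # Resource "*" is only justified when every action lacks resource-level support.
        if "*" in resources and (not actions or not all(a in NO_RESOURCE_LEVEL for a in actions)):
            findings.append(f"{sid}: Resource '*' for actions that support resource-level permissions")
        # PassRole without iam:PassedToService lets the principal hand the role to any service.
        if "iam:PassRole" in actions and "iam:PassedToService" not in json.dumps(stmt.get("Condition", {})):
            findings.append(f"{sid}: iam:PassRole without an iam:PassedToService condition")
    return findings


def lint_sample() -> List[str]:
    return lint_policy(json.loads(POLICY_JSON))


if __name__ == "__main__":
    for f in lint_sample():
        print(f)
```

The check is deliberately syntactic: it reads the policy as written and does not simulate evaluation against other attached policies or permission boundaries, which is where IAM Access Analyzer or a full policy simulator comes in.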
OAuth2 & OpenID
A curated list of providers, services, libraries, and resources for OpenID Connect.
Open-source OIDC & OAuth2 Server Provider.
Open-source Identity and Access Management. Supports OIDC, OAuth 2 and SAML 2, LDAP and AD directories, password policies.
A UI-first centralized authentication / Single-Sign-On (SSO) platform. Supports OIDC and OAuth 2, social logins, user management, and 2FA based on email and SMS.
Open-source Identity Provider similar to Keycloak.
An open-source solution built with Go and Angular to manage all your systems, users and service accounts together with their roles and external identities. ZITADEL provides OIDC, OAuth 2.0, login and registration flows, passwordless and MFA authentication. All of this is built on event sourcing combined with CQRS, which yields a complete audit trail.
A simple authentication system which only implements the relevant parts of the OAuth2 standards.
An IAM infrastructure for modern apps and SaaS products, supporting OIDC, OAuth 2.0 and SAML for authentication and authorization.
Open-source authentication-as-a-service solution. It includes the code for the server, AuthUI, the Portal, and Admin API.
Secret Management
Secure, store and tightly control access to tokens, passwords, certificates, encryption keys.
An alternative to HashiCorp Vault.
Editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.
Audit git repos for secrets.
Searches through git repositories for high entropy strings and secrets, digging deep into commit history.
Hardware Security Module (HSM)
Open-source project for building trusted execution environments (TEE) with secure hardware enclaves, based on the RISC-V architecture.
A specification and a reference implementation for the secure transfer, storage and processing of data.
Trust & Safety
User Identity
Wordlists for creating statistically likely usernames for use in username-enumeration, simulated password-attacks and other security testing tasks.
An open-source infrastructure for user identity and risk management.
Hunt down social media accounts by username across social networks.
Fraud
Threat Intelligence
“A concise definition of Threat Intelligence: evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard.”
An open source intelligence (OSINT) automation tool. It integrates with just about every data source available and uses a range of methods for data analysis, making that data easy to navigate.
that can be leveraged by scammers to bypass security or fool users.
Collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
CSV database of email addresses used by threat actors in phishing kits.
Tools to scan phone numbers using only free resources. The goal is first to gather standard information such as country, area, carrier and line type for any international phone number with good accuracy, then to search for footprints on search engines to try to find the VoIP provider or identify the owner.
Blocklists
Hostnames and Subdomains
Consolidates reputable hosts files, and merges them into a unified hosts file with duplicates removed.
Extensive collection of lists for security, privacy and parental control.
Mozilla's registry of public suffixes, under which Internet users can (or historically could) directly register names.
CIDR country-level IP data, straight from the Regional Internet Registries, updated hourly.
Top-5000 most common domain prefix/suffix list.
NSA's XKeyscore matching rules for Tor and other anonymity-preserving tools.
Emails
A list of temporary email providers, and its derivative Python module.
Cross-language temporary (disposable/throwaway) email detection library.
A list of domains for disposable and temporary email addresses. Useful for filtering your email list to increase open rates (mail sent to these domains will likely never be opened).
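Two of the lists above fit together: the disposable-domain lists are keyed by registrable domain, so a provider that hands out addresses under arbitrary subdomains (mx.mailinator.com) is only caught if the host is first reduced to its eTLD+1 using the Public Suffix List rules from the Hostnames and Subdomains section. The following added example (not the code of any listed project) implements the PSL matching algorithm over a constructed excerpt of rules, including a wildcard and an exception rule, and uses it for the disposable-address check against a constructed sample list.

```python
"""Registrable-domain (eTLD+1) lookup with Public Suffix List rules, applied to
disposable-email detection (added example, not any listed project's code).

RULES is a constructed excerpt in PSL syntax (plain rules, '*.' wildcards,
'!' exceptions); DISPOSABLE_DOMAINS is a constructed sample list.
"""
from typing import List, Optional

RULES: List[str] = ["com", "uk", "co.uk", "ck", "*.ck", "!www.ck", "io", "github.io"]
DISPOSABLE_DOMAINS = {"mailinator.com", "tempmail.co.uk", "throwaway.github.io"}


def public_suffix_len(labels: List[str], rules: List[str]) -> int:
    """Number of trailing labels forming the public suffix, per the PSL algorithm:
    an exception rule wins outright (its suffix is the rule minus the leftmost
    label); otherwise the longest matching rule; with no match the implicit
    rule '*' applies, i.e. the last label alone."""
    best = 0
    for rule in rules:
        exception = rule.startswith("!")
        parts = rule.lstrip("!").split(".")
        if len(parts) > len(labels):
            continue
        tail = labels[-len(parts):]
        if all(p == "*" or p == t for p, t in zip(parts, tail)):
            if exception:
                return len(parts) - 1
            best = max(best, len(parts))
    return best or 1


def registrable_domain(host: str, rules: List[str] = RULES) -> Optional[str]:
    """Return the eTLD+1 for host, or None when host is itself a public suffix."""
    labels = host.strip().lower().rstrip(".").split(".")
    n = public_suffix_len(labels, rules)
    if len(labels) <= n:
        return None
    return ".".join(labels[-(n + 1):])


def is_disposable(address: str) -> bool:
    """True when the address's registrable domain (not just the literal host) is listed."""
    if address.count("@") != 1:
        return False
    host = address.rsplit("@", 1)[1]
    domain = registrable_domain(host)
    return domain is not None and domain in DISPOSABLE_DOMAINS


if __name__ == "__main__":
    for addr in ("alice@mx.mailinator.com", "Bob@TEMPMAIL.CO.UK", "carol@example.com"):
        print(addr, "->", registrable_domain(addr.split("@")[1]), is_disposable(addr))
```

The same registrable-domain reduction is what a hosts-file or blocklist matcher needs when deciding whether a subdomain inherits a parent entry; matching on the literal host string alone misses it.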
“A ruby gem to check if the owner of a given email address or website is working for THE MAN (a.k.a verifies government domains).” Good resource to hunt for potential government customers in your user base.