A curated collection of free cybersecurity resources
It is a lementable reality that we need cybersecurity and that it is so complex and expensive. We initially created this list to provide our clients a list of resources that can improve their security at a low or no cost. The pretty version of this list is available at infosecstack.com.
Please note that not every resource in this repository will be useful to every person or organization. Some of the resources are incredibly detailed, and others are more fundamental. Additionally, some resources appear more than once in this list if they can be reasonably categorized in more than one area.
Want to contribute? Check the contribution guidelines.
- Ad blocking
- Antivirus
- Audit
- Content filtering
- Development
- Education
- Encryption
- Firewall
- Governance
- Guides
- Home security
- Incident response
- Intrusion detection and prevention
- Monitoring
- News
- Newsletters
- Passwords
- Penetration testing
- Phishing
- Privacy
- Ransomware
- Security awareness
- Social engineering
- Tools
- Two factor authentication
- Web security
**Ad Guard**undefined - Tools
Block ads on your entire home network, cell phones included, by configuring one setting in your router. Specifically, by updating the custom DNS settings, which takes less than 5 minutes.
- Free ad blocking - Premium blocking of adult content - No email or registration required
**MPVS Host File**undefined - Tools
Block ads on your PC simply by replacing your HOST file.
- Free ad blocking - No email or registration required
uBlock Origin - Raymond Hill - Tools
Wide-spectrum web-filter - generally used as an effective ad blocker. The link is the author's GitHub repository. However, it also contains links to plugins for popular browsers.
- Free - No email or registration required
**AVG AntiVirus**undefined - Tools
This is antivirus software which includes real-time security updates, scans for malware and performance issues, and more
- Free - No email or registration required
**Avast**undefined - Tools
This is antivirus software which scans for performance issues and analyzes unknown files in real time, among other things.
- Free - No email or registration required
AICPA Cybersecurity Resources - AICPA - Guides
A resource for CPAs and businesses seeking information about cybersecurity audits and risk management
- Free - No email or registration required
Federal Information System Controls Audit Manual - Government Accountability Office - Guides
The Federal Information System Controls Audit Manual (FISCAM) presents a methodology for auditing information system controls in Federal and other governmental entities. The guide aligns well with other information security frameworks, and can even function as a framework itself.
- Free - No email or registration required
Home Internet Security - Open DNS - Tools
Protect every device in your home by updating one setting in your home router. Specifically, by updating the custom DNS settings, which takes less than 5 minutes.
- Two free plans - one premium plan - Registration required
uBlock Origin - Raymond Hill - Tools
Wide-spectrum web-filter - generally used as an effective ad blocker. The link is the author's GitHub repository. However, it also contains links to plugins for popular browsers.
- Free - No email or registration required
Security Checklist for Developers - Fallible, Inc. - Tools
Developers have a lot of security responsibilities when writing applications. This guide helps remind developers of some of the key things they must consider.
- Free - No email or registration required.
zxcvbn - Dropbox - Tools
Implemented in over a dozen programming languages, zxcvbn is a password strength estimator inspired by password crackers. Through pattern matching and conservative estimation, it recognizes and weighs 30k common passwords, common names and surnames according to US census data, popular English words from Wikipedia and US television and movies, and other common patterns like dates, repeats (aaa), sequences (abcd), keyboard patterns (qwertyuiop), and l33t speak.
- Free - No email or registration required for desktop app. Login with Github for online version.
Cyber Security: Protect and Defend - DeVry University - Udemy.com - Courses
Two and a half hour introduction video introduction to cybersecurity.
- Free - Premium trainings available - Registration required
Sideways Dictionary - Washington Post - Google - Guides
Define cybersecurity and other technology terms with analogies.
- Free - No email or registration required
Sophos UTM Home Edition - Sophos - Tools
Free home use firewall is a fully equipped software version of the Sophos UTM firewall, available at no cost for home users. It features full Network, Web, Mail and Web Application Security with VPN functionality and protects up to 50 IP addresses.
- Free - Name and email required
Two Factor Auth List - Josh Davis - Guides
A list of websites and web applications and whether or not they support two factor authentication. Check with this list before signing up for your next bank/email host/etc. Two factor authentication prevents a stolen password from compromising an account.
- Free - No email or registration required
Two Factor Guides - TeleSign - Guides
A collection of guides to enable two factor authentication on popular websites and apps. Two factor authentication prevents a stolen password from compromising an account.
- Free - No email or registration required
ZoneAlarm - Check Point Software Technologies - Tools
This is firewall software that manages and monitors all incoming and outgoing traffic and shields the user from hackers, malware, and other online threats that put privacy at risk
- Free - No email or registration required
**Cypherix**undefined - Tools
This is encryption software that helps protect sensitive data on any Windows PC, Desktop, Laptop, Hard Disk or Removable Drive
- Free - No email or registration required
Let's Encrypt - Internet Security Research Group - Tools
Let’s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG). In English, this means you get https, instead of http, on your website for free.
- Free - No email or registration required
SSL/TLS Browser Test - SSL Labs - Tools
The SSL client test shows the SSL/TLS capabilities of your browser.
- Free - No email or registration required
SSL/TLS Server Test - SSL Labs - Tools
This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.
- Free - No email or registration required
VeraCrypt - IDRIX - Tools
Veracrypt is the replacement to Truecrypt. An encryption tool to encrypt your hard drive.
- Free - No email or registration required
Sophos UTM Home Edition - Sophos - Tools
Free home use firewall is a fully equipped software version of the Sophos UTM firewall, available at no cost for home users. It features full Network, Web, Mail and Web Application Security with VPN functionality and protects up to 50 IP addresses.
- Free - Name and email required
ZoneAlarm - Check Point Software Technologies - Tools
This is firewall software that manages and monitors all incoming and outgoing traffic and shields the user from hackers, malware, and other online threats that put privacy at risk
- Free - No email or registration required
AICPA Cybersecurity Resources - AICPA - Guides
A resource for CPAs and businesses seeking information about cybersecurity audits and risk management
- Free - No email or registration required
CIS Critical Security Controls for Cyber Defense - Center for Internet Security - Guides
Sometimes known as the SANS 20, this highly respected guide provides 20 cyber defense areas that most companies should have, and every company should be aware of.
- Free - No email or registration required
Cyber Security Planning Guide - Federal Communications Commission - Guides
The tool is designed for businesses that lack the resources to hire dedicated staff to protect their business, information and customers from cyber threats. Serves as a good starting point for organizations looking
- Free - No email or registration required
Information Security Policy Templates - SANS Institute - Guides
Corporate policy templates covering a wide range of topic areas. These templates make good starting points for organizations who want to formalize their information security practices into formal documentation.
- Free - No email or registration required
PagerDuty Incident Response Documentation - PagerDuty - Guides
This site documents parts of the PagerDuty Incident Response process. It is a cut-down version of their internal documentation, used at PagerDuty for any major incidents, and to prepare new employees for on-call responsibilities. It provides information not only on preparing for an incident, but also what to do during and after.
- Free - No email or registration required
Security and Privacy Controls for Federal Information Systems and Organizations - National Institute of Standards and Technology - Guides
Nearly 500 pages of security and privacy controls, as well as a framework for identifying which controls are necessary from a diverse set of threats including hostile cyber attacks, natural disasters, structural failures, and human errors.
- Free - No email or registration required
Threat Dragon - Open Web Application Security Project - Tools
Threat Dragon is a free, open-source threat modeling tool from OWASP. It can be used as a standalone desktop app for Windows and MacOS (Linux coming soon) or as a web application.
- Free - No email or registration required for desktop app. Login with Github for online version
CIS Critical Security Controls for Cyber Defense - Center for Internet Security - Guides
Sometimes known as the SANS 20, this highly respected guide provides 20 cyber defense areas that most companies should have, and every company should be aware of.
- Free - No email or registration required
Cyber Security Planning Guide - Federal Communications Commission - Guides
The tool is designed for businesses that lack the resources to hire dedicated staff to protect their business, information and customers from cyber threats. Serves as a good starting point for organizations looking
- Free - No email or registration required
Internet Crime Schemes - FBI Internet Crime Complaint Center (IC3) - Guides
The FBI's IC3 published a guide that describes just about every type of online scam that you can think of.
- Free - No email or registration required
PagerDuty Incident Response Documentation - PagerDuty - Guides
This site documents parts of the PagerDuty Incident Response process. It is a cut-down version of their internal documentation, used at PagerDuty for any major incidents, and to prepare new employees for on-call responsibilities. It provides information not only on preparing for an incident, but also what to do during and after.
- Free - No email or registration required
Security Checklist for Developers - Fallible, Inc. - Tools
Developers have a lot of security responsibilities when writing applications. This guide helps remind developers of some of the key things they must consider.
- Free - No email or registration required.
Security and Privacy Controls for Federal Information Systems and Organizations - National Institute of Standards and Technology - Guides
Nearly 500 pages of security and privacy controls, as well as a framework for identifying which controls are necessary from a diverse set of threats including hostile cyber attacks, natural disasters, structural failures, and human errors.
- Free - No email or registration required
**TurnOn2FA**undefined - Guides
This is a website that provides explanations and brings awareness to the benefits of two factor authentication. Two factor authentication prevents a stolen password from resulting in an account breach.
- Free - No email or registration required
**AVG AntiVirus**undefined - Tools
This is antivirus software which includes real-time security updates, scans for malware and performance issues, and more
- Free - No email or registration required
**Ad Guard**undefined - Tools
Block ads on your entire home network, cell phones included, by configuring one setting in your router. Specifically, by updating the custom DNS settings, which takes less than 5 minutes.
- Free ad blocking - Premium blocking of adult content - No email or registration required
**Avast**undefined - Tools
This is antivirus software which scans for performance issues and analyzes unknown files in real time, among other things.
- Free - No email or registration required
Avast Ransomware Decryption Tools - Avast - Tools
This is a website that has aggregated various decrypting tools
- Free - No email or registration required
**Dashlane**undefined - Tools
This is a website that manages passwords for the user
- Free with premium features available - No email or registration required
EMET - Microsoft - Tools
This is software designed to anticipate common actions and techniques used by hackers and mitigate them
- Free - No email or registration required
Home Internet Security - Open DNS - Tools
Protect every device in your home by updating one setting in your home router. Specifically, by updating the custom DNS settings, which takes less than 5 minutes.
- Two free plans - one premium plan - Registration required
Java Uninstaller - Oracle - Tools
Most users no longer need Java installed on their computer. Java creates an unnecessary attack surface. Unless absolutely necessary, it should be removed from your computer. Do this easily with the Java removal tool.
- Free - No email or registration required
**LastPass**undefined - Tools
A suite of apps and browser extensions to allow for easy password management.
- Free with premium features available - No email or registration required
**MPVS Host File**undefined - Tools
Block ads on your PC simply by replacing your HOST file.
- Free ad blocking - No email or registration required
McAfee Free Tools - McAfee - Tools
McAfee has compiled a list of tools useful to users, such as anti-malware, assessment utilities, and more
- Free - No email or registration required
**No More Ransom!**undefined - Tools
This is a website that has aggregated various decrypting software from a variety of vendors.
- Free - No email or registration required
No Ransom - Kaspersky - Tools
This is a ransomware decryptor, which can be used if your computer is affected with ransomware
- Free - No email or registration required
Online Plugin Checker - Mozilla - Tools
Many viruses can be contracted through surfing the web with outdated plugins. Check your Firefox plugins for missing updates free.
- Free - No email or registration required
Sophos UTM Home Edition - Sophos - Tools
Free home use firewall is a fully equipped software version of the Sophos UTM firewall, available at no cost for home users. It features full Network, Web, Mail and Web Application Security with VPN functionality and protects up to 50 IP addresses.
- Free - Name and email required
Two Factor Auth List - Josh Davis - Guides
A list of websites and web applications and whether or not they support two factor authentication. Check with this list before signing up for your next bank/email host/etc. Two factor authentication prevents a stolen password from compromising an account.
- Free - No email or registration required
Two Factor Guides - TeleSign - Guides
A collection of guides to enable two factor authentication on popular websites and apps. Two factor authentication prevents a stolen password from compromising an account.
- Free - No email or registration required
ZoneAlarm - Check Point Software Technologies - Tools
This is firewall software that manages and monitors all incoming and outgoing traffic and shields the user from hackers, malware, and other online threats that put privacy at risk
- Free - No email or registration required
uBlock Origin - Raymond Hill - Tools
Wide-spectrum web-filter - generally used as an effective ad blocker. The link is the author's GitHub repository. However, it also contains links to plugins for popular browsers.
- Free - No email or registration required
Incident Handler's Handbook - SANS Institute - Guides
Outlines the six phases of the incident handling process. This reference provides organizations a starting position from which to base their own incident response program.
- Free - No email or registration required
PagerDuty Incident Response Documentation - PagerDuty - Guides
This site documents parts of the PagerDuty Incident Response process. It is a cut-down version of their internal documentation, used at PagerDuty for any major incidents, and to prepare new employees for on-call responsibilities. It provides information not only on preparing for an incident, but also what to do during and after.
- Free - No email or registration required
EMET - Microsoft - Tools
This is software designed to anticipate common actions and techniques used by hackers and mitigate them
- Free - No email or registration required
Home Internet Security - Open DNS - Tools
Protect every device in your home by updating one setting in your home router. Specifically, by updating the custom DNS settings, which takes less than 5 minutes.
- Two free plans - one premium plan - Registration required
Security Onion - Security Onion Solutions - Tools
Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!
- Free - No email or registration required
Sophos UTM Home Edition - Sophos - Tools
Free home use firewall is a fully equipped software version of the Sophos UTM firewall, available at no cost for home users. It features full Network, Web, Mail and Web Application Security with VPN functionality and protects up to 50 IP addresses.
- Free - Name and email required
ZoneAlarm - Check Point Software Technologies - Tools
This is firewall software that manages and monitors all incoming and outgoing traffic and shields the user from hackers, malware, and other online threats that put privacy at risk
- Free - No email or registration required
Have I Been Pwned - Troy Hunt - Tools
Check if you have an account that has been compromised in a data breach. Individual and domain notifications available. An API available is available for developers.
- Free - Rate limited API - Unlimited Premium API - No email required for scans, email required to subscribe to notifications
Patrol Server - Patrol Server - Tools
Detect outdated software on your website real-time and notify you with new software updates.
- Free monitoring for one, noncommercial website. Premium plans available. - Registration required
Inside Security - David Strom - Inside.com - News
Twice weekly email newsletter providing an in-depth look at all the most interesting cybersecurity news, complete with analysis and perspective you need to know to stay informed.
- Free with a premium sub subscription option - Email required
KrebsOnSecurity - Brian Krebs - News
KrebsOnSecurity is a top source for investigative reporting on cybercrime and Internet security.
- Free - No email or registration required
Naked Security - Sophos - News
Threat news room, giving you news, opinion, advice and research on computer security issues and the latest internet threats.
- Free - No email or registration required
Schneier on Security - Bruce Schneier - News
Bruce Schneier is an internationally renowned security technologist, called a "security guru" by The Economist. He is the author of 13 books--including Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World--as well as hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram" and his blog "Schneier on Security" are read by over 250,000 people.
- Free - No email or registration required for blog. Email required for email based newsletter.
Troy Hunt - Troy Hunt - News
One of the most commonsense and easy to read security writers around. Troy writes about security news of the day with a focus on breaches.
- Free - No email or registration required
Inside Security - David Strom - Inside.com - News
Twice weekly email newsletter providing an in-depth look at all the most interesting cybersecurity news, complete with analysis and perspective you need to know to stay informed.
- Free with a premium sub subscription option - Email required
OUCH! Security Awareness Newsletter - SANS Institute - Guides
Free monthly security awareness training newsletter that security professionals can send to end users. Available in PDF format.
- Free - No email or registration required
Schneier on Security - Bruce Schneier - News
Bruce Schneier is an internationally renowned security technologist, called a "security guru" by The Economist. He is the author of 13 books--including Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World--as well as hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram" and his blog "Schneier on Security" are read by over 250,000 people.
- Free - No email or registration required for blog. Email required for email based newsletter.
**Dashlane**undefined - Tools
This is a website that manages passwords for the user
- Free with premium features available - No email or registration required
**LastPass**undefined - Tools
A suite of apps and browser extensions to allow for easy password management.
- Free with premium features available - No email or registration required
zxcvbn - Dropbox - Tools
Implemented in over a dozen programming languages, zxcvbn is a password strength estimator inspired by password crackers. Through pattern matching and conservative estimation, it recognizes and weighs 30k common passwords, common names and surnames according to US census data, popular English words from Wikipedia and US television and movies, and other common patterns like dates, repeats (aaa), sequences (abcd), keyboard patterns (qwertyuiop), and l33t speak.
- Free - No email or registration required for desktop app. Login with Github for online version.
Burp Suite - Portswigger - Tools
Web application security scanner
- Free - Premium version offers additional features - No email or registration required
Exploit DB - Offensive Security - Guides
A CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers.
- Free - No email or registration required
Kali Linux - Offensive Security - Tools
The most advanced Linux penetration testing distribution.
- Free - No email or registration required
Kali Linux Tool List - Offensive Security - Guides
A list of tools included in Kali Linux maintained by Offensive Security.
- Free - No email or registration required
**OpenVAS Vulnerability Scanner**undefined - Tools
OpenVAS is an open source network vulnerability scanner. Similar to products like Nessus or Nexpose, but free.
- Free - No email or registration required
**Sectools.org Top 125 Security Tools**undefined - Guides
Sectools.org has an amazing collection of some of the most popular security tools with a ranking of popularity. Wireshark, JTR, Kismet, if it's popular, it's probably listed here.
- Free - No email or registration required
w3af - Portswigger - Tools
Web Application Attack and Audit Framework. It is a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.
- Free - No email or registration required
**Go Phish**undefined - Tools
An open source phishing applications. Use it to test your company's resilience to phishing attacks.
- Free - No email or registration required
Have I Been Pwned - Troy Hunt - Tools
Check if you have an account that has been compromised in a data breach. Individual and domain notifications available. An API available is available for developers.
- Free - Rate limited API - Unlimited Premium API - No email required for scans, email required to subscribe to notifications
**Cypherix**undefined - Tools
This is encryption software that helps protect sensitive data on any Windows PC, Desktop, Laptop, Hard Disk or Removable Drive
- Free - No email or registration required
**Duckduckgo Search Engine**undefined - Tools
A search engine that doesn't track you.
- Free - No email or registration required
Electronic Frontier Foundation Surveillance Self-Defense - EFF - Guides
The Electronic Frontier Foundation is a nonprofit who's active in fighting for online privacy. Their website is a wealth of information. This specific sub-section of their website has several guides on maintaining privacy online.
- Free - No email or registration required
Firefox - Mozilla - Tools
Firefox is an active advocate of online privacy. They don't make money from advertising.
- Free - No email or registration required
Ghostery Firefox Plugin - Ghostery - Tools
Block all types of trackers that are watching what you do online.
- Free - No email or registration required
HTTPS Everywhere Firefox Plugin - EFF - Tools
Created by the Electronic Frontier Foundation, this plugin tries to force websites to use the encrypted HTTP protocol where possible.
- Free - No email or registration required
**NoScript Firefox Plugin**undefined - Tools
Block scripts on websites by default. This does a lot to protect against web-based viruses and improves privacy.
- Free - No email or registration required
Privacytools.io - privacytools.io - Guides
Privacytools.io is one of, if not the best resource to protect your online privacy. They discuss many topics including which VPN to use, what email respects your privacy, what cloud providers are safest, etc.
- Free - No email or registration required
That One Privacy Site - That One Privacy Guy - Guides
A handy website that compares features of different VPN services. VPNs can be helpful to protect your privacy online. Choose the VPN that has the features and benefits you need.
- Free - No email or registration required
Tor Browser - Tor Project - Tools
Browse the web with enhanced anonymity. The Tor browser can also be used to access the Dark Web. If you go to the Dark Web, proceed with caution.
- Free - No email or registration required
uBlock Origin - Raymond Hill - Tools
Wide-spectrum web-filter - generally used as an effective ad blocker. The link is the author's GitHub repository. However, it also contains links to plugins for popular browsers.
- Free - No email or registration required
Avast Ransomware Decryption Tools - Avast - Tools
This is a website that has aggregated various decrypting tools
- Free - No email or registration required
Free Ransomware Decryptors - Kaspersky Lab - Tools
Find the latest decryptors, ransomware removal tools, and information on ransomware protection
- Free - No email or registration required
Java Uninstaller - Oracle - Tools
Most users no longer need Java installed on their computer. Java creates an unnecessary attack surface. Unless absolutely necessary, it should be removed from your computer. Do this easily with the Java removal tool.
- Free - No email or registration required
Microsoft Enhanced Mitigation Experience Toolkit - Microsoft - Tools
Help mitigate zero-day viruses that antivirus can't stop by implementing several memory protection techniques. While one of the best tools made by Microsoft. This product has an End of Life of July 2018.
- Free - No email or registration required
**No More Ransom!**undefined - Tools
This is a website that has aggregated various decrypting software from a variety of vendors.
- Free - No email or registration required
No Ransom - Kaspersky - Tools
This is a ransomware decryptor, which can be used if your computer is affected with ransomware
- Free - No email or registration required
Online Plugin Checker - Mozilla - Tools
Many viruses can be contracted through surfing the web with outdated plugins. Check your Firefox plugins for missing updates free.
- Free - No email or registration required
**Go Phish**undefined - Tools
An open source phishing applications. Use it to test your company's resilience to phishing attacks.
- Free - No email or registration required
OUCH! Security Awareness Newsletter - SANS Institute - Guides
Free monthly security awareness training newsletter that security professionals can send to end users. Available in PDF format.
- Free - No email or registration required
Security Awareness Posters - SANS Institute - Guides
Security awareness posters covering a variety of topics. Print and display around your office to raise the security consciousness of your organization.
- Free - No email or registration required
Have I Been Pwned - Troy Hunt - Tools
Check if you have an account that has been compromised in a data breach. Individual and domain notifications available. An API available is available for developers.
- Free - Rate limited API - Unlimited Premium API - No email required for scans, email required to subscribe to notifications
**CloudFlare**undefined - Tools
Cloudflare speeds up and protects millions of websites, APIs, SaaS services, and other properties connected to the Internet. Free and premium plans available.
- Free basic plan with premium options available - Registration required
Cyber Security Planning Guide - Federal Communications Commission - Guides
The tool is designed for businesses that lack the resources to hire dedicated staff to protect their business, information and customers from cyber threats. Serves as a good starting point for organizations looking
- Free - No email or registration required
**Cypherix**undefined - Tools
This is encryption software that helps protect sensitive data on any Windows PC, Desktop, Laptop, Hard Disk or Removable Drive
- Free - No email or registration required
Free Ransomware Decryptors - Kaspersky Lab - Tools
Find the latest decryptors, ransomware removal tools, and information on ransomware protection
- Free - No email or registration required
Let's Encrypt - Internet Security Research Group - Tools
Let’s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG). In English, this means you get https, instead of http, on your website for free.
- Free - No email or registration required
Microsoft Active Protections Program (MAPP) - Microsoft - Guides
Microsoft partners with several vendors to give them advanced access to new security issues before they patch them. What companies participate can be useful information when selecting your next Virus scanner, web filter, firewall, etc.
- Free - No email or registration required
Microsoft Enhanced Mitigation Experience Toolkit - Microsoft - Tools
Help mitigate zero-day viruses that antivirus can't stop by implementing several memory protection techniques. While one of the best tools made by Microsoft. This product has an End of Life of July 2018.
- Free - No email or registration required
SSL/TLS Browser Test - SSL Labs - Tools
The SSL client test shows the SSL/TLS capabilities of your browser.
- Free - No email or registration required
SSL/TLS Server Test - SSL Labs - Tools
This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.
- Free - No email or registration required
Threat Dragon - Open Web Application Security Project - Tools
Threat Dragon is a free, open-source threat modeling tool from OWASP. It can be used as a standalone desktop app for Windows and MacOS (Linux coming soon) or as a web application.
- Free - No email or registration required for desktop app. Login with Github for online version
VeraCrypt - IDRIX - Tools
Veracrypt is the replacement to Truecrypt. An encryption tool to encrypt your hard drive.
- Free - No email or registration required
zxcvbn - Dropbox - Tools
Implemented in over a dozen programming languages, zxcvbn is a password strength estimator inspired by password crackers. Through pattern matching and conservative estimation, it recognizes and weighs 30k common passwords, common names and surnames according to US census data, popular English words from Wikipedia and US television and movies, and other common patterns like dates, repeats (aaa), sequences (abcd), keyboard patterns (qwertyuiop), and l33t speak.
- Free - No email or registration required for desktop app. Login with Github for online version.
**TurnOn2FA**undefined - Guides
This is a website that provides explanations and brings awareness to the benefits of two factor authentication. Two factor authentication prevents a stolen password from resulting in an account breach.
- Free - No email or registration required
Two Factor Authentication Explained in Two Minutes - Duo via YouTube - Guides
Duo, an industry leader in two factor authentication, has a great video which quickly explains the benefits of two factor authentication.
- Free - No email or registration required
Burp Suite - Portswigger - Tools
Web application security scanner
- Free - Premium version offers additional features - No email or registration required
**CloudFlare**undefined - Tools
Cloudflare speeds up and protects millions of websites, APIs, SaaS services, and other properties connected to the Internet. Free and premium plans available.
- Free basic plan with premium options available - Registration required
Let's Encrypt - Internet Security Research Group - Tools
Let’s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG). In English, this means you get https, instead of http, on your website for free.
- Free - No email or registration required
My First 10 Minutes On a Server - Primer for Securing Ubuntu - Cody Littlewood - Guides
A basic guide for securing an Ubuntu server.
- Free - No email or registration required
Patrol Server - Patrol Server - Tools
Detect outdated software on your website real-time and notify you with new software updates.
- Free monitoring for one, noncommercial website. Premium plans available. - Registration required
SSL/TLS Browser Test - SSL Labs - Tools
The SSL client test shows the SSL/TLS capabilities of your browser.
- Free - No email or registration required
SSL/TLS Server Test - SSL Labs - Tools
This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.
- Free - No email or registration required
Two Factor Auth - Josh Davis - Guides
List of websites and services which support two-factor authentication. Two-factor au
- Free - No email or registration required
uBlock Origin - Raymond Hill - Tools
Wide-spectrum web-filter - generally used as an effective ad blocker. The link is the author's GitHub repository. However, it also contains links to plugins for popular browsers.
- Free - No email or registration required
w3af - Portswigger - Tools
Web Application Attack and Audit Framework. It is a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.
- Free - No email or registration required
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent