Tolga Ünlü's Projects
Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.
The Akita CLI for watching network traffic, automatically generating API specs, and diffing API specs.
Excerpts from my 3rd-year Dissertation Project: An Intrusion Detection System for a Web Application.
Application Intrusion Detection projects
A checklist of practices for organizations dealing with account takeover (ATO)
A sample MySQL server plugin to demonstrate how to use audit API events for practical purposes
AuthTables is a microservice that helps detect "Account Take Over" caused by simple credential theft. If bad actors are stealing your users passwords, AuthTables may be useful.
Tool to generate a valid Content Security Policy headers, integrity hashes and inline hashes for your current webpage
An awesome list of resources on deception-based security with honeypots and honeytokens
Behave! A monitoring browser extension for pages acting as "bad boi"
A programmable firewall designed for Node.js, integrate it into your TCP connections or as an Express middleware and program your rules and policies with ease.
Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives.
Canary: Input Detection and Response
A Demonstration Software Implementation of Client Puzzle Protocols as Countermeasure against Automated Threats to Web Applications
🕷 CrawlerDetect is a PHP class for detecting bots/crawlers/spiders via the user agent
Crawljax Plugins Mirror
A plugin which, when combined with HTMLWebpackPlugin, adds CSP tags to the HTML output.
Unified node.js error API for mysql, postgres and sqlite3
A simple intrusion detection/prevention system framework written in PHP.
This is the demo application of my talk "Defensive Coding Reloaded" held at the Securi-Tay 2022 conference in Dundee, Scotland.
Custom Python interpretter to use with self defense system
Detect if DevTools is open and its orientation
Django middleware to self repair web services
🍯 Generic honeypot utilities for use in django projects.
A Django middleware to validate user file uploads and detect malicious content.
Research prototype of DjangoChecker
JavaScript Framework to ensure webpage DOM integrity in presence of a malicious browser extension.