Top 23 HTML Security Projects

Security

• Add a project

1. KeeWeb

   1 61 12,937 7.3 HTML

   Free cross-platform password manager compatible with KeePass

   

2. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

3. YubiKey-Guide

   2 117 12,347 7.8 HTML

   Community guide to using YubiKey for GnuPG and SSH - protect secrets with hardware crypto.

   

   Project mention: Community guide to using Yubikey for GnuPG and SSH | news.ycombinator.com | 2026-04-16

4. school-of-sre

   3 2 8,116 3.7 HTML

   At LinkedIn, we are using this curriculum for onboarding our entry-level talents into the SRE role.

   

5. cve

   4 13 7,855 9.5 HTML

   Gather and update all available and newest CVEs with their PoC.

   

6. supercookie

   5 39 7,058 2.8 HTML

   ⚠️ Browser fingerprinting via favicon!

   

   Project mention: We found a stable Firefox identifier linking all your private Tor identities | news.ycombinator.com | 2026-04-22

   In addition to server-side bits like IP address, request headers and TLS/TCP fingerprints, there are some client-side things you can do such as with media queries, either directly via CSS styles or elements that support them directly like . You can get things like the installed fonts, screen size/type or platform/browser-specific identifiers.

   https://fingerprint.com/blog/disabling-javascript-wont-stop-...

   There is also a method of fingerprinting using the favicon: https://github.com/jonasstrehle/supercookie

7. Security-101

   6 1 6,519 8.3 HTML

   8 Lessons, Kick-start Your Cybersecurity Learning.

   

8. kubernetes-goat

   7 19 5,664 3.5 HTML

   Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

   

9. js-xss

   8 5 5,319 4.5 HTML

   Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

   

10. django-DefectDojo

    9 7 4,740 10.0 HTML

    Open-Source Unified Vulnerability Management, DevSecOps & ASPM

    

11. Web-Security-Learning

    10 1 4,302 0.0 HTML

    Web-Security-Learning

    

12. 1Hosts

    11 33 2,090 9.7 HTML

    Advanced DNS filter/blocklists for privacy, security, and clean browsing.

    

    Project mention: When internal hostnames are leaked to the clown | news.ycombinator.com | 2026-02-04

13. ICS-Security-Tools

    12 2 1,940 4.3 HTML

    Tools, tips, tricks, and more for exploring ICS Security.

    

14. slsa

    13 45 1,876 8.8 HTML

    Supply-chain Levels for Software Artifacts

    

    Project mention: For Londoners, a Roman Bridge Still Determines Your Commute | dev.to | 2026-05-07

    This is the failure mode I wrote about in The Only Guarantee Is Your Catalog Will Be Wrong. Eventually. and again in The Missing Part of the Pipeline. The structural answer is to wrap the bridge story onto the data at the moment of ingest, with claim-level granularity, signed and immutable, and let it ride with the data through every downstream transform. Provenance has to be a property of the artifact, not a layer reconstructed afterward by a catalog crawling artifacts that have already lost their context. Every downstream consumer inherits the wrap for free. The model reading the data can tell that the regulator's chunk supersedes the intern's chunk because that fact is in the manifest the chunk carries with it. The SLSA specification defines this primitive for software builds. The same primitive is what the data world has been missing.

15. security-txt

    14 17 1,862 10.0 HTML

    A proposed standard that allows websites to define security policies.

    

    Project mention: 1k Data Breaches Later, the Disclosure Lag Is Worse | news.ycombinator.com | 2026-06-08

    I've had a similar thought, where each company making over a certain amount of money per year must begin a VDP (and optionally a BBP) so that security flaws can be reported to them easily. This can easily be done by simply opening up security@companydomain and using security.txt (https://securitytxt.org). Reports must receive a response in N days, where N is calculated based on available staff, resource allocation, and revenue of the company.

16. portable-secret

    15 12 1,737 5.7 HTML

    Better privacy without special software

    

    Project mention: Show HN: DropLock – E2EE secret sharing web app with no back end | news.ycombinator.com | 2026-06-02

17. awesome-anti-forensic

    16 2 995 3.2 HTML

    Tools and packages that are used for countering forensic activities, including encryption, steganography, and anything that modify attributes. This all includes tools to work with anything in general that makes changes to a system for the purposes of hiding information.

    

18. railsgoat

    17 2 921 9.1 HTML

    A vulnerable version of Rails that follows the OWASP Top 10

    

19. ffprofile

    18 8 851 3.9 HTML

    A tool to create firefox profiles with personalized defaults.

    

20. i2pdbrowser

    19 8 792 5.8 HTML

    i2pd browser bundle

    

21. gapps

    20 5 673 3.7 HTML

    Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking

    

22. grapheneos.org

    21 6 666 9.9 HTML

    Servers for our website, HTTP/HTTPS connectivity checks, HTTPS network time, NTP (for Qualcomm XTRA), Broadcom PSDS cache, Samsung PSDS cache, Qualcomm PSDS (XTRA) cache, SUPL proxy, attestation key provisioning proxy, Vanadium component update check/download proxy, network location proxy and geocoding proxy. Also app and OS updates via an include.

    

    Project mention: How to Install and Start Using LineageOS on Your Phone | news.ycombinator.com | 2026-03-06

    you can easily change the launcher & keyboard to whatever you want on GrapheneOS. About ebay, check https://github.com/GrapheneOS/grapheneos.org/issues/1351

23. www-project-kubernetes-top-ten

    22 4 613 4.3 HTML

    OWASP Foundation Web Respository

    

    Project mention: From Active Learning to Deliberate Practice: an iximiuz Labs case study | dev.to | 2026-03-24

    This is a playground set up to give the learner practice with running a vulnerability scanning tool (in this case, kubescape) to identify and fix a randomized security vulnerability from the OWASP Kubernetes Top 10 list in a running cluster.

24. istlsfastyet.com

    23 14 427 1.8 HTML

    Is TLS fast yet? Yes, yes it is.

    

HTML Security related posts

• 1k Data Breaches Later, the Disclosure Lag Is Worse

  1 project | news.ycombinator.com | 8 Jun 2026

• The Website Specification

  9 projects | news.ycombinator.com | 31 May 2026

• Apparently Google hates us now

  2 projects | news.ycombinator.com | 20 May 2026

• For Londoners, a Roman Bridge Still Determines Your Commute

  1 project | dev.to | 7 May 2026

• 96% of GitHub repos have high severity issues in their Action workflows

  1 project | news.ycombinator.com | 29 Apr 2026

• Supply Chain Security Proxy: Move Beyond Vulnerability Scanning

  1 project | dev.to | 28 Apr 2026

• Community guide to using Yubikey for GnuPG and SSH

  1 project | news.ycombinator.com | 16 Apr 2026
• A note from our sponsor - SaaSHub
  www.saashub.com | 10 Jun 2026

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending HTML projects with our weekly report!