gwen001
commented
11 months ago Issue correctly handled, tool is waiting for human validation.
Closed gwen001 closed 11 months ago
gwen001
commented
11 months ago Issue correctly handled, tool is waiting for human validation.
gwen001
commented
11 months ago Tool has been accepted by the team: https://offsec.tools/tool/acra
Thank you for your contribution!
[tags]proxy,sqli,encryption[/tags] [short_descr]Database protection suite with field level encryption and intrusion detection.[/short_descr] [link] https://www.cossacklabs.com/acra/ [/link] [link] https://github.com/cossacklabs/acra [/link] [long_descr] Acra provides application-level encryption for data fields, multi-layered access control, database leakage prevention, and intrusion detection capabilities in one suite. Acra was specifically designed for distributed apps (web, server-side and mobile) that store data in one or many databases / datastores.
Acra gives you tools for encrypting each sensitive data record (data field, database cell, json) before storing them in the database / file storage. And then decrypting them in a secure compartmented area (on Acra side). Acra allows to encrypt data as early as possible and operate on encrypted data.
Acra's cryptographic design ensures that no secret (password, key, etc.) leaked from the application or database will be sufficient for decryption of the protected data. Acra minimises the leakage scope, detects unauthorised behavior, and prevents the leakage, informing operators of the incident underway.
Major security features:
Acra delivers different layers of defense for different parts and stages of the data lifecycle. This is what defence in depth is – an independent set of security controls aimed at mitigating multiple risks in case of an attacker crossing the outer perimeter. [/long_descr] [image] https://raw.githubusercontent.com/gwen001/offsectools_www/main/tmp/35a170473352737cc0e02db1253444f7.png [/image]