From password rules to token handling, security often takes more time than expected. Small mistakes in authentication can lead to serious security issues, and applying security standards correctly (e.g., OWASP) in real projects is not always easy. How do you handle it?
Hi, I'm Tharaka from Sri Lanka. I am building RestingOwl, an open-source platform focused on making application security secure by default.
Instead of expecting developers to handle security on their own, RestingOwl provides ready-to-use packages that are easy to use and help avoid common mistakes.
We're starting by aligning with OWASP standards as the first step, and we plan to expand to other security standards over time.
Our first package, OwlAuth, will be released (on April 20th) for npm to make it easy for Node.js developers to get started, and we will continue building more security-focused packages with the community.
RestingOwl is a platform (under development and to be released soon) that provides secure-by-default open-source packages designed to align with OWASP best practices (to be extended to other standards later) and prevent common security mistakes. owlauth, its first package, is an npm package for authentication. It supports signup, login, password management, passwordless magic links, rejecting weak passwords, breach detection, safe audit logging, and many more (refer to the NPM organization). More to come.