I run, contribute to, and support a number of OSS projects because I’m a Communist. I also sometimes write little niche programs that are useful to me, and I’ve found that other people find them useful, too.
I wrote a tool called JavaSnoop for testing the security of thick Java clients, like desktop applications, applets and WebStart programs. It was released at BlackHat USA 2010. The project page is over at Aspect Security.
If you’ve got arbitrary file uploads to a J2EE web-accessible directory, you need pwnshell to maximize your compromise. It’s a single JSP that, when browsed to, delivers the user a Web 2.0 shell for the victimized server. Great for demos!
I’m a contributor to the OWASP ESAPI project, but I only touch code that relates to the built-in WAF.
Scrubbr is a GUI program that checks your database for stored XSS attacks. It uses AntiSamy as an engine, and can be used on SQL Server, Oracle or MySQL. It’s gotten some decent press and reviews. I’ve only had to release one version. Either that means it’s perfect or nobody’s using it. Not sure which. You can also skip the project page and go right to the download page.