{"id":13716491,"url":"https://github.com/guardrailsio/awesome-java-security","last_synced_at":"2025-10-22T15:31:25.376Z","repository":{"id":46866752,"uuid":"165595507","full_name":"guardrailsio/awesome-java-security","owner":"guardrailsio","description":"Awesome Java Security Resources 🕶☕🔐","archived":false,"fork":false,"pushed_at":"2023-08-24T08:53:57.000Z","size":30,"stargazers_count":310,"open_issues_count":3,"forks_count":30,"subscribers_count":12,"default_branch":"master","last_synced_at":"2025-10-16T00:13:34.955Z","etag":null,"topics":["awesome","awesome-list","java","security","security-testing","security-tools","static-analysis"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/guardrailsio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.MD","funding":null,"license":null,"code_of_conduct":"code-of-conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-01-14T04:30:48.000Z","updated_at":"2025-07-27T16:18:50.000Z","dependencies_parsed_at":"2024-01-05T23:44:53.330Z","dependency_job_id":"d06a11ad-252f-4d35-81f4-c39e39a50136","html_url":"https://github.com/guardrailsio/awesome-java-security","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/guardrailsio/awesome-java-security","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/guardrailsio%2Fawesome-java-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/guardrailsio%2Fawesome-java-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/guardrailsio%2Fawesome-java-security/releases","manifests_url":"http
s://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/guardrailsio%2Fawesome-java-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/guardrailsio","download_url":"https://codeload.github.com/guardrailsio/awesome-java-security/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/guardrailsio%2Fawesome-java-security/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":280459126,"owners_count":26334264,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-22T02:00:06.515Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["awesome","awesome-list","java","security","security-testing","security-tools","static-analysis"],"created_at":"2024-08-03T00:01:10.991Z","updated_at":"2025-10-22T15:31:25.347Z","avatar_url":"https://github.com/guardrailsio.png","language":null,"readme":"\u003cbr/\u003e\n\u003cdiv align=\"center\"\u003e\n\nA curated list of awesome Java security-related resources.\n\n[![Awesome](https://awesome.re/badge.svg)](https://awesome.re)\n\n_List inspired by the [awesome](https://github.com/sindresorhus/awesome) list thing._\n\nSupported by: [GuardRails.io](https://www.guardrails.io)\n\n\u003c/div\u003e\n\u003cbr/\u003e\n\n# Contents\n- [Tools](#tools)\n- [Educational](#educational)\n- [Other](#other)\n\n# Tools\n\n## Web Framework 
Hardening\n\n- [Apache Shiro](https://shiro.apache.org/) - A powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.\n- [JJWT](https://github.com/jwtk/jjwt) - Java JWT: JSON Web Token for Java and Android.\n- [OWASP ESAPI Java](https://github.com/ESAPI/esapi-java-legacy) - Enterprise Security API is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.\n- [PAC4J](https://github.com/pac4j/pac4j) - Security engine for Java to authenticate users, get their profiles and manage authorizations in order to secure web applications and web services.\n- [Spring Security](https://github.com/spring-projects/spring-security) - A powerful and highly customizable authentication and access-control framework.\n- [Spring Security Oauth](https://github.com/spring-projects/spring-security-oauth) - Support for adding OAuth1(a) and OAuth2 features (consumer and provider) for Spring web applications.\n\n## Multi tools\n\n- [hawkeye](https://github.com/hawkeyesec/scanner-cli) - Multi-purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.\n- [GuardRails](https://github.com/apps/guardrails) - A GitHub App that gives you instant security feedback in your Pull Requests.\n\n## Static Code Analysis\n\n- [Spotbugs](https://github.com/spotbugs/spotbugs) - SpotBugs is FindBugs' successor. 
A tool for static analysis to look for bugs in Java code.\n- [Find Security Bugs](https://github.com/find-sec-bugs/find-sec-bugs/) - SpotBugs plugin for security audits of Java web applications and Android applications.\n- [Detect Secrets](https://libraries.io/pypi/detect-secrets) - An enterprise friendly way of detecting and preventing secrets in code.\n- [Gitrob](https://github.com/michenriksen/gitrob) - Gitrob is a tool to help find potentially sensitive files pushed to public repositories on GitHub.\n- [Sonarqube](https://github.com/SonarSource/sonarqube) - SonarQube provides the capability to show the health of an application and highlight newly introduced issues.\n- [Oversecured](https://oversecured.com/) - A static analyzer for Android apps (APK files) that searches for security vulnerabilities. Contains 90+ vulnerability categories.\n- [Bearer](https://github.com/Bearer/bearer) - A static code security analyzer to discover, filter and prioritize security and privacy risks.\n\n## Runtime Analysis\n\n- [Code Pulse](https://github.com/codedx/codepulse) - Code Pulse is a real-time code coverage tool for penetration testing activities.\n- [OWASP ZAP](https://github.com/zaproxy/zaproxy) - Helps automatically find security vulnerabilities in your web applications.\n- [Contrast Community Edition](https://www.contrastsecurity.com/contrast-community-edition) - Free runtime protection and vulnerability detection tool, identifying issues in running applications.\n\n## Vulnerabilities and Security Advisories\n\n- [OWASP Dependency-Check](https://github.com/jeremylong/DependencyCheck) - Detects publicly disclosed vulnerabilities in application dependencies.\n- [Snyk](https://github.com/snyk/snyk) - CLI and build-time tool to find \u0026 fix known vulnerabilities in open-source dependencies.\n- [Snyk Vulnerability DB](https://snyk.io/vuln?type=maven) - Commercial but free listing of known vulnerabilities in libraries.\n- [Common Vulnerabilities 
and Exposures](https://www.cvedetails.com/product/19117/Oracle-JRE.html?vendor_id=93) - Vulnerabilities that were assigned a CVE. Covers the language and packages.\n- [National Vulnerability Database](https://nvd.nist.gov/vuln/search/results?form_type=Basic\u0026results_type=overview\u0026query=java\u0026search_type=all) - Java known vulnerabilities in the National Vulnerability Database.\n- [Contrast Community Edition](https://www.contrastsecurity.com/contrast-community-edition) - Free tool to locate CVEs and outdated dependencies in libraries.\n\n## Cryptography\n\n- [Bouncy Castle](https://www.bouncycastle.org/java.html) - Java implementation of cryptographic algorithms.\n- [Conscrypt](https://github.com/google/conscrypt) - Java Security Provider that implements parts of the Java Cryptography Extension and Java Secure Socket Extension.\n- [Cryptomator](https://github.com/cryptomator/cryptomator) - Multi-platform transparent client-side encryption of your files in the cloud.\n- [Keyczar](https://github.com/google/keyczar) - Easy-to-use crypto toolkit by Google.\n- [Keywhiz](https://github.com/square/keywhiz) - System for distributing and managing secrets.\n- [Tink](https://github.com/google/tink) - Multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.\n- [ACME4J](https://github.com/shred/acme4j) - Java ACME client for issuing X.509 certificates using Let's Encrypt or another ACME based CA.\n\n# Educational\n\n## Hacking Playground\n\n- [BodgeIt Store](https://github.com/psiinon/bodgeit) - A vulnerable web application aimed at people who are new to pen testing.\n- [OWASP Benchmark](https://github.com/OWASP/Benchmark) - A Java test suite designed to verify the speed and accuracy of vulnerability detection tools.\n- [Security Shepherd](https://github.com/OWASP/SecurityShepherd) - Web and mobile application security training platform.\n- [WebGoat](https://github.com/WebGoat/WebGoat) - A 
deliberately insecure Java Web Application.\n\n## Articles, Guides \u0026 Talks\n\n- [Java Platform, Standard Edition Security Developer’s Guide](https://docs.oracle.com/javase/10/security/toc.htm) - This guide covers major Java Standard Edition security components: Java Cryptography Architecture (JCA), Java Authentication and Authorization Service (JAAS) and Java Secure Socket Extensions (JSSE).\n- [Application Security Verification Standard](https://www.owasp.org/images/3/33/OWASP_Application_Security_Verification_Standard_3.0.1.pdf) - (PDF) The standard is a list of application security requirements that can be used by developers.\n- [Spring Security CSRF](https://www.baeldung.com/spring-security-csrf) - A Guide to CSRF Protection in Spring Security.\n- [Secure Coding Guidelines](https://www.oracle.com/technetwork/java/seccodeguide-139067.html) - Secure Coding Guidelines for Java SE.\n- [Securing a Web Application](https://spring.io/guides/gs/securing-web/) - This guide walks you through the process of creating a simple web application with resources that are protected by Spring Security.\n- [Spring Security Guides](https://docs.spring.io/spring-security/site/docs/current/guides/html5/index.html) - Step by step guides on how to use Spring Security.\n- [Prevent cross-site scripting (XSS) attacks](https://www.ibm.com/developerworks/library/se-prevent-cross-site-scripting-attacks/index.html) - This article explains how XSS attacks work and suggests a methodology to block XSS attacks.\n- [Java Security Resource Center](https://www.oracle.com/technetwork/java/javase/overview/security-2043272.html) - A collection of security details for different users of the Java Platform.\n\n## Practices\n\n- [Encrypting with SSL/TLS](https://github.com/Hakky54/mutual-tls-ssl) - Step by step guide for encrypting client and server communication.\n\n## Specifications\n\n- [JSR 115: Java Authorization Contract for Containers](https://jcp.org/en/jsr/detail?id=115)\n- [JSR 196: Java 
Authentication Service Provider Interface for Containers](https://www.jcp.org/en/jsr/detail?id=196)\n- [JSR 375: Java EE Security API](https://jcp.org/en/jsr/detail?id=375)\n\n# Other\n\n## Reporting Bugs\n\n- [Java Security Reporting](https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html)\n\n## Contributing\n\nFound an awesome project, package, article, or another type of resource related to Java Security? Open a pull request!\nJust follow the [guidelines](/CONTRIBUTING.MD). Thank you!\n\n\n## License\n\n[![CC0](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](http://creativecommons.org/publicdomain/zero/1.0/)\n","funding_links":[],"categories":["Coding","Programming Languages","\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集","Others","Other Lists"],"sub_categories":["TeX Lists"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fguardrailsio%2Fawesome-java-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fguardrailsio%2Fawesome-java-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fguardrailsio%2Fawesome-java-security/lists"}