Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


awesome-java-security

Awesome Java Security Resources 🕶☕🔐
https://github.com/guardrailsio/awesome-java-security

Last synced: 3 days ago

  • Reporting Bugs

  • Web Framework Hardening

    • Apache Shiro - A powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.
    • Spring Security Oauth - Support for adding OAuth1(a) and OAuth2 features (consumer and provider) for Spring web applications.
    • JJWT - Java JWT: JSON Web Token for Java and Android.
    • OWASP ESAPI Java - Enterprise Security API is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.
    • PAC4J - Security engine for Java to authenticate users, get their profiles and manage authorizations in order to secure web applications and web services.
    • Spring Security - A powerful and highly customizable authentication and access-control framework.
  • Multi tools

    • GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
    • hawkeye - Multi-purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
  • Static Code Analysis

    • Detect Secrets - An enterprise friendly way of detecting and preventing secrets in code.
    • Sonarqube - SonarQube provides the capability to show the health of an application and highlight newly introduced issues.
    • Oversecured - A static analyzer for Android apps (APK files), searches for security vulnerabilities. Contains 90+ vulnerability categories.
    • Spotbugs - SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
    • Gitrob - Gitrob is a tool to help find potentially sensitive files pushed to public repositories on Github.
    • Find Security Bugs - SpotBugs plugin for security audits of Java web applications and Android applications.
  • Vulnerabilities and Security Advisories

  • Cryptography

    • Bouncy Castle - Java implementation of cryptographic algorithms.
    • Conscrypt - Java Security Provider that implements parts of the Java Cryptography Extension and Java Secure Socket Extension.
    • Cryptomator - Multi-platform transparent client-side encryption of your files in the cloud.
    • Keyczar - Easy-to-use crypto toolkit by Google.
    • Keywhiz - System for distributing and managing secrets.
    • Tink - Multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
    • ACME4J - Java ACME client for issuing X.509 certificates using Let's Encrypt or another ACME based CA.
  • Articles, Guides & Talks

  • Specifications

  • Runtime Analysis

    • Code Pulse - Code Pulse is a real-time code coverage tool for penetration testing activities.
    • OWASP ZAP - Helps automatically find security vulnerabilities in your web applications.
  • Hacking Playground

    • BodgeIt Store - A vulnerable web application aimed at people who are new to pen testing.
    • OWASP Benchmark - A Java test suite designed to verify the speed and accuracy of vulnerability detection tools.
    • Security Shepherd - Web and mobile application security training platform.
    • WebGoat - A deliberately insecure Java Web Application.
  • Practices