Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-java-security
Awesome Java Security Resources πΆβπ
https://github.com/guardrailsio/awesome-java-security
Last synced: 3 days ago
JSON representation
-
Reporting Bugs
-
Web Framework Hardening
- Apache Shiro - A powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.
- Spring Security Oauth - Support for adding OAuth1(a) and OAuth2 features (consumer and provider) for Spring web applications.
- JJWT - Java JWT: JSON Web Token for Java and Android.
- OWASP ESAPI Java - Enterprise Security API is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.
- PAC4J - Security engine for Java to authenticate users, get their profiles and manage authorizations in order to secure web applications and web services.
- Spring Security - A powerful and highly customizable authentication and access-control framework.
- Spring Security Oauth - Support for adding OAuth1(a) and OAuth2 features (consumer and provider) for Spring web applications.
-
Multi tools
- GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
- hawkeye - Multi-purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
-
Static Code Analysis
- Detect Secrets - An enterprise friendly way of detecting and preventing secrets in code.
- Sonarqube - SonarQube provides the capability to show the health of an application and highlight newly introduced issues.
- Oversecured - A static analyzer for Android apps (APK files), searches for security vulnerabilities. Contains 90+ vulnerability categories.
- Spotbugs - SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
- Gitrob - Gitrob is a tool to help find potentially sensitive files pushed to public repositories on Github.
- Sonarqube - SonarQube provides the capability to show the health of an application and highlight newly introduced issues.
-
Vulnerabilities and Security Advisories
- Snyk - CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies.
- Snyk Vulnerability DB - Commercial but free listing of known vulnerabilities in libraries.
- Common Vulnerabilities and Exposures - Vulnerabilities that were assigned a CVE. Covers the language and packages.
- National Vulnerability Database - Java known vulnerabilities in the National Vulnerability Database.
- OWASP Dependency-Check - Detects publicly disclosed vulnerabilities in application dependencies.
- Contrast Community Edition - Free tool to locate CVEs and outdated dependencies in libraries.
- Snyk - CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies.
-
Cryptography
- Bouncy Castle - Java implementation of cryptographic algorithms.
- Conscrypt - Java Security Provider that implements parts of the Java Cryptography Extension and Java Secure Socket Extension.
- Cryptomator - Multi-platform transparent client-side encryption of your files in the cloud.
- Keyczar - Easy-to-use crypto toolkit by Google.
- Keywhiz - System for distributing and managing secrets.
- ACME4J - Java ACME client for issuing X.509 certificates using Let's Encrypt or another ACME based CA.
- Tink - Multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
-
Articles, Guides & Talks
- Application Security Verification Standard - (PDF) The standard is a list of application security requirements that can be used by developers.
- Spring Security CSRF - A Guide to CSRF Protection in Spring Security.
- Securing a Web Application - This guide walks you through the process of creating a simple web application with resources that are protected by Spring Security.
- Spring Security Guides - Step by step guides on how to use Spring Security.
- Prevent cross-site scripting (XSS) attacks - This article explains how XSS attacks work and suggests a methodology to block XSS attacks.
- Java Security Resource Center - A collection of security details for different users of the Java Platform.
- Application Security Verification Standard - (PDF) The standard is a list of application security requirements that can be used by developers.
- Secure Coding Guidelines - Secure Coding Guidelines for Java SE
- Java Security Resource Center - A collection of security details for different users of the Java Platform.
- Prevent cross-site scripting (XSS) attacks - This article explains how XSS attacks work and suggests a methodology to block XSS attacks.
- Java Platform, Standard Edition Security Developerβs Guide - This guide covers major Java Standard Edition security components: Java Cryptography Architecture (JCA), Java Authentication and Authorization Service (JAAS) and Java Secure Socket Extensions (JSSE)
-
Specifications
-
Runtime Analysis
- Code Pulse - Code Pulse is a real-time code coverage tool for penetration testing activities.
- OWASP ZAP - Helps automatically find security vulnerabilities in your web applications.
-
Hacking Playground
- BodgeIt Store - A vulnerable web application aimed at people who are new to pen testing.
- OWASP Benchmark - A Java test suite designed to verify the speed and accuracy of vulnerability detection tools.
- Security Shepherd - Web and mobile application security training platform.
- WebGoat - A deliberately insecure Java Web Application.
-
Practices
Programming Languages
Categories
Sub Categories
Keywords
security
10
java
6
jwt
2
crypto
2
encryption
2
static-analysis
2
ratpack
1
saml
1
shiro
1
sparkjava
1
play-framework
1
openid-connect
1
spring-mvc
1
spring-security
1
vertx
1
framework
1
spring
1
spring-framework
1
ci
1
docker
1
nodejs
1
npm
1
ruby
1
code-analysis
1
findbugs
1
linter
1
static-code-analysis
1
github-api
1
jackson
1
java-jwt
1
jjwt
1
json
1
jwe
1
jwk
1
jwk-thumbprint
1
jwk-thumbprint-uri
1
jwkset
1
jws
1
jwt-auth
1
jwt-authentication
1
jwt-bearer-tokens
1
jwt-claims
1
jwt-server
1
jwt-token
1
jwt-tokens
1
authentication
1
authorization
1
cas
1
dropwizard
1
j2e
1