Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

awesome-java-security

Awesome Java Security Resources 🕶☕🔐
https://github.com/guardrailsio/awesome-java-security

Last synced: 6 days ago
JSON representation

Reporting Bugs
- Java Security Reporting
Web Framework Hardening
- Apache Shiro - A powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.
- Spring Security Oauth - Support for adding OAuth1(a) and OAuth2 features (consumer and provider) for Spring web applications.
- JJWT - Java JWT: JSON Web Token for Java and Android.
- OWASP ESAPI Java - Enterprise Security API is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.
- PAC4J - Security engine for Java to authenticate users, get their profiles and manage authorizations in order to secure web applications and web services.
- Spring Security - A powerful and highly customizable authentication and access-control framework.
Multi tools
- GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
- hawkeye - Multi-purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
Static Code Analysis
- Detect Secrets - An enterprise friendly way of detecting and preventing secrets in code.
- Sonarqube - SonarQube provides the capability to show the health of an application and highlight newly introduced issues.
- Oversecured - A static analyzer for Android apps (APK files), searches for security vulnerabilities. Contains 90+ vulnerability categories.
- Spotbugs - SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
- Gitrob - Gitrob is a tool to help find potentially sensitive files pushed to public repositories on Github.
- Sonarqube - SonarQube provides the capability to show the health of an application and highlight newly introduced issues.
- Find Security Bugs - SpotBugs plugin for security audits of Java web applications and Android applications.
Vulnerabilities and Security Advisories
- Snyk - CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies.
- Snyk Vulnerability DB - Commercial but free listing of known vulnerabilities in libraries.
- Common Vulnerabilities and Exposures - Vulnerabilities that were assigned a CVE. Covers the language and packages.
- National Vulnerability Database - Java known vulnerabilities in the National Vulnerability Database.
- OWASP Dependency-Check - Detects publicly disclosed vulnerabilities in application dependencies.
- Snyk - CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies.
- Contrast Community Edition - Free tool to locate CVEs and outdated dependencies in libraries.
Cryptography
- Bouncy Castle - Java implementation of cryptographic algorithms.
- Conscrypt - Java Security Provider that implements parts of the Java Cryptography Extension and Java Secure Socket Extension.
- Cryptomator - Multi-platform transparent client-side encryption of your files in the cloud.
- Keyczar - Easy-to-use crypto toolkit by Google.
- Keywhiz - System for distributing and managing secrets.
- ACME4J - Java ACME client for issuing X.509 certificates using Let's Encrypt or another ACME based CA.
- Tink - Multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
Articles, Guides & Talks
- Application Security Verification Standard - (PDF) The standard is a list of application security requirements that can be used by developers.
- Spring Security CSRF - A Guide to CSRF Protection in Spring Security.
- Securing a Web Application - This guide walks you through the process of creating a simple web application with resources that are protected by Spring Security.
- Spring Security Guides - Step by step guides on how to use Spring Security.
- Prevent cross-site scripting (XSS) attacks - This article explains how XSS attacks work and suggests a methodology to block XSS attacks.
- Java Security Resource Center - A collection of security details for different users of the Java Platform.
- Application Security Verification Standard - (PDF) The standard is a list of application security requirements that can be used by developers.
- Secure Coding Guidelines - Secure Coding Guidelines for Java SE
- Java Security Resource Center - A collection of security details for different users of the Java Platform.
- Prevent cross-site scripting (XSS) attacks - This article explains how XSS attacks work and suggests a methodology to block XSS attacks.
- Java Platform, Standard Edition Security Developer’s Guide - This guide covers major Java Standard Edition security components: Java Cryptography Architecture (JCA), Java Authentication and Authorization Service (JAAS) and Java Secure Socket Extensions (JSSE)
Specifications
Runtime Analysis
- Code Pulse - Code Pulse is a real-time code coverage tool for penetration testing activities.
- OWASP ZAP - Helps automatically find security vulnerabilities in your web applications.
Hacking Playground
- BodgeIt Store - A vulnerable web application aimed at people who are new to pen testing.
- OWASP Benchmark - A Java test suite designed to verify the speed and accuracy of vulnerability detection tools.
- Security Shepherd - Web and mobile application security training platform.
- WebGoat - A deliberately insecure Java Web Application.
Practices
- Encrypting with SSL/TLS

Programming Languages

Java 15 JavaScript 2 TypeScript 1 HTML 1 Go 1

Ecosyste.ms: Awesome

awesome-java-security

Reporting Bugs

Web Framework Hardening

Multi tools

Static Code Analysis

Vulnerabilities and Security Advisories

Cryptography

Articles, Guides & Talks

Specifications

Runtime Analysis

Hacking Playground

Practices