https://github.com/hdiv/hdiv
Hdiv CE | Application Self-Protection
- Host: GitHub
- URL: https://github.com/hdiv/hdiv
- Owner: hdiv
- License: other
- Created: 2011-10-22T15:52:59.000Z (about 14 years ago)
- Default Branch: master
- Last Pushed: 2024-10-29T23:31:15.000Z (about 1 year ago)
- Last Synced: 2024-10-30T01:52:20.539Z (about 1 year ago)
- Language: Java
- Homepage: https://hdivsecurity.com
- Size: 4.05 MB
- Stars: 214
- Watchers: 25
- Forks: 70
- Open Issues: 60
Metadata Files:
- Readme: README.md
- License: LICENSE_HEADER
Awesome Lists containing this project
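- awesome-java-zh - Hdiv - Runtime application that eliminates application security risks included in the OWASP Top 10, including SQL injection, cross-site scripting, cross-site request forgery, data tampering, and brute force attacks. (Projects / Security)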
- awesome-java - Hdiv
- fucking-awesome-java - Hdiv - Runtime application that repels application security risks included in the OWASP Top 10, including SQL injection, cross-site scripting, cross-site request forgery, data tampering, and brute force attacks. (Projects / Security)
- awesome-java - Hdiv - Runtime application that repels application security risks included in the OWASP Top 10, including SQL injection, cross-site scripting, cross-site request forgery, data tampering, and brute force attacks. (Projects / Security)
README

> *New to Hdiv? Check out [this video](https://www.youtube.com/watch?v=f4UPPxYId4Q).*
## Hdiv: Application Self-Protection
Hdiv is a leading provider of open source software for real-time, self-protected applications. Hdiv solutions are built into applications during development to deliver the strongest available runtime application self-protection (RASP) against OWASP Top 10 threats. Since 2008, Hdiv has pioneered self-protection cyber security software, and today its solutions are used by leading commercial software providers and global enterprises in banking, government, retail, technology, and aerospace.
> Official Site: [https://hdivsecurity.com](http://hdivsecurity.com)
Online documentation: [https://hdivsecurity.com/docs/](https://hdivsecurity.com/docs/)
Community Technical documentation: [https://hdivsecurity.com/docs/installation/library-setup/](https://hdivsecurity.com/docs/installation/library-setup/)
`April 20th, 2018` - **[Hdiv v3.4.0 released!](https://github.com/hdiv/hdiv/releases)**
## How does Hdiv help?
Hdiv repels 90% of application security risks included in the OWASP Top 10 (a broad consensus of the most critical web application security flaws), such as SQL injection, cross-site scripting, cross-site request forgery, data tampering, and brute force attacks. Hdiv offers higher effectiveness than any of the solutions currently available to fight web application security risks.
- Want to ensure strong security without having to know and understand all current security threats.
- Want strong security without compromising application performance or the user experience.
- Want to build security into applications while in development, instead of having to go back and patch and tweak applications later.
## Editions
### Hdiv Community
Hdiv Community is an open-source web application security framework that includes read-only data protection and editable data risk mitigation. It is appropriate for customers who have less stringent security requirements but want protection from cyber threats.
### Hdiv Enterprise
Hdiv Enterprise is a commercial all-in-one solution integrating the best of AST (Application Security Testing), RASP (Runtime application self protection), and WAF (Web application firewall) approaches with enterprise-class security, exclusive functionality, scalability, and enterprise-level support services. For more information, contact us at support@hdivsecurity.com.

## Installation
### Spring MVC

> https://www.youtube.com/watch?v=6-BNTh8AqQY
### Steps
Thanks to the new [extension point](http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/web/servlet/support/RequestDataValueProcessor.html) included in Spring 3.1, Hdiv installation and configuration for Spring MVC is cleaner and easier than previously.
1. Add Hdiv Jars.
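```xml
<dependency>
    <groupId>org.hdiv</groupId>
    <artifactId>hdiv-config</artifactId>
    <version>3.3.0</version>
</dependency>
<dependency>
    <groupId>org.hdiv</groupId>
    <artifactId>hdiv-spring-mvc</artifactId>
    <version>3.3.0</version>
</dependency>
```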
2. Add Hdiv listener and filter within `web.xml` file.
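```xml
<listener><listener-class>org.hdiv.listener.InitListener</listener-class></listener>
<filter>
    <filter-name>ValidatorFilter</filter-name>
    <filter-class>org.hdiv.filter.ValidatorFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>ValidatorFilter</filter-name>
    <servlet-name>SampleMvc</servlet-name>
</filter-mapping>
```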
3. Multipart configuration. Replace Spring MVC's `MultipartResolver` with the one from Hdiv. If `commons-fileupload` library is used for multipart processing:
If Servlet 3 standard multipart processing is used:
4. Editable data validation. In order to add editable validation errors into Spring MVC binding and validation errors, configure `hdivEditableValidator` as application wide validator.
If you are using a Spring MVC version prior to 3.1, it is necessary to introduce an additional step, replacing Spring MVC tlds with Hdiv tlds according to the specific version. The next example shows the code for Spring MVC 3.0.4:
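```xml
<taglib>
    <taglib-uri>http://www.springframework.org/tags/form</taglib-uri>
    <taglib-location>/WEB-INF/tlds/hdiv-spring-form-3_0_4.tld</taglib-location>
</taglib>
<taglib>
    <taglib-uri>http://www.springframework.org/tags</taglib-uri>
    <taglib-location>/WEB-INF/tlds/hdiv-spring.tld</taglib-location>
</taglib>
```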
### Spring MVC and Thymeleaf
Thanks to the implementation of [RequestDataValueProcessor](http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/web/servlet/support/RequestDataValueProcessor.html) interface in Thymeleaf, Hdiv support is straightforward.
1. Follow configuration steps for Spring MVC installation.
2. Add Hdiv jar for Thymeleaf
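```xml
<dependency>
    <groupId>org.hdiv</groupId>
    <artifactId>hdiv-thymeleaf</artifactId>
    <version>3.3.0</version>
</dependency>
```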
### Grails
Grails supports Hdiv through its plugin architecture and the [Hdiv Plugin](http://grails.org/plugin/hdiv). To install Hdiv, add the plugin to the ```BuildConfig.groovy``` configuration file:
```groovy
compile ':hdiv:1.0-RC2'
```
### JSTL
1. Add Hdiv jars.
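```xml
<dependency>
    <groupId>org.hdiv</groupId>
    <artifactId>hdiv-config</artifactId>
    <version>3.3.0</version>
</dependency>
<dependency>
    <groupId>org.hdiv</groupId>
    <artifactId>hdiv-jstl-taglibs-1.2</artifactId>
    <version>3.3.0</version>
</dependency>
```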
2. Add Hdiv Listener and Filter within `web.xml` file
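```xml
<listener><listener-class>org.hdiv.listener.InitListener</listener-class></listener>
<filter>
    <filter-name>ValidatorFilter</filter-name>
    <filter-class>org.hdiv.filter.ValidatorFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>ValidatorFilter</filter-name>
    <servlet-name>SampleMvc</servlet-name>
</filter-mapping>
<taglib>
    <taglib-uri>http://java.sun.com/jsp/jstl/core</taglib-uri>
    <taglib-location>/WEB-INF/tlds/hdiv-c.tld</taglib-location>
</taglib>
```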
### Struts 1
1. Add Hdiv jars.
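```xml
<dependency>
    <groupId>org.hdiv</groupId>
    <artifactId>hdiv-config</artifactId>
    <version>3.3.0</version>
</dependency>
<dependency>
    <groupId>org.hdiv</groupId>
    <artifactId>hdiv-struts-1</artifactId>
    <version>3.3.0</version>
</dependency>
```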
2. Add Hdiv listener and Filter within `web.xml` file.
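```xml
<listener><listener-class>org.hdiv.listener.InitListener</listener-class></listener>
<filter>
    <filter-name>ValidatorFilter</filter-name>
    <filter-class>org.hdiv.filter.ValidatorFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>ValidatorFilter</filter-name>
    <url-pattern>*.do</url-pattern>
</filter-mapping>
<taglib>
    <taglib-uri>/WEB-INF/struts-html.tld</taglib-uri>
    <taglib-location>/WEB-INF/hdiv-html.tld</taglib-location>
</taglib>
<taglib>
    <taglib-uri>/WEB-INF/struts-nested.tld</taglib-uri>
    <taglib-location>/WEB-INF/hdiv-nested.tld</taglib-location>
</taglib>
<taglib>
    <taglib-uri>/WEB-INF/struts-logic.tld</taglib-uri>
    <taglib-location>/WEB-INF/hdiv-logic.tld</taglib-location>
</taglib>
```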
### Struts 2
The latest Struts 2 version supported by Hdiv is Struts 2.0.11. Higher versions are supported by Hdiv Enterprise Edition.
1. Add Hdiv jars.
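```xml
<dependency>
    <groupId>org.hdiv</groupId>
    <artifactId>hdiv-core</artifactId>
    <version>2.0.4</version>
</dependency>
<dependency>
    <groupId>org.hdiv</groupId>
    <artifactId>hdiv-struts-2.0.11</artifactId>
    <version>2.0.4</version>
</dependency>
```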
2. Add Hdiv Listener and Filter within `web.xml` file.
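```xml
<listener><listener-class>org.hdiv.listener.InitListener</listener-class></listener>
<filter-mapping>
    <filter-name>ValidatorFilter</filter-name>
    <url-pattern>*.action</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>ValidatorFilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
</filter-mapping>
<taglib>
    <taglib-uri>/struts-tags</taglib-uri>
    <taglib-location>/WEB-INF/hdiv-tags.tld</taglib-location>
</taglib>
```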
### JSF
1. Add Hdiv jars.
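```xml
<dependency>
    <groupId>org.hdiv</groupId>
    <artifactId>hdiv-config</artifactId>
    <version>3.3.0</version>
</dependency>
<dependency>
    <groupId>org.hdiv</groupId>
    <artifactId>hdiv-jsf</artifactId>
    <version>3.3.0</version>
</dependency>
```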
2. Add Hdiv listener, Hdiv Filter and define your custom faces-config (with Hdiv configuration, see the next point) within `web.xml` file.
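```xml
<context-param>
    <param-name>javax.faces.CONFIG_FILES</param-name>
    <param-value>/WEB-INF/hdiv-faces2-config.xml</param-value>
</context-param>
<listener><listener-class>org.hdiv.listener.InitListener</listener-class></listener>
<filter>
    <filter-name>ValidatorFilter</filter-name>
    <filter-class>org.hdiv.filter.ValidatorFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>ValidatorFilter</filter-name>
    <servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
```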
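3. This is the content of the `/WEB-INF/hdiv-faces2-config.xml` file (the elements that go inside its `<faces-config>` root element):
```xml
<component>
    <component-type>javax.faces.HtmlOutcomeTargetLink</component-type>
    <component-class>org.hdiv.components.HtmlOutcomeTargetLinkExtension</component-class>
</component>
<component>
    <component-type>javax.faces.HtmlOutcomeTargetButton</component-type>
    <component-class>org.hdiv.components.HtmlOutcomeTargetButtonExtension</component-class>
</component>
<component>
    <component-type>javax.faces.Parameter</component-type>
    <component-class>org.hdiv.components.UIParameterExtension</component-class>
</component>
<component>
    <component-type>javax.faces.HtmlInputHidden</component-type>
    <component-class>org.hdiv.components.HtmlInputHiddenExtension</component-class>
</component>
<component>
    <component-type>javax.faces.HtmlOutputLink</component-type>
    <component-class>org.hdiv.components.HtmlOutputLinkExtension</component-class>
</component>
<lifecycle>
    <phase-listener>org.hdiv.phaseListeners.ComponentMessagesPhaseListener</phase-listener>
    <phase-listener>org.hdiv.phaseListeners.ConfigPhaseListener</phase-listener>
    <phase-listener>org.hdiv.phaseListeners.ValidatorPhaseListener</phase-listener>
</lifecycle>
<factory>
    <external-context-factory>org.hdiv.context.ExternalContextFactoryWrapper</external-context-factory>
</factory>
```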
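A deployment check for the `web.xml` step that every framework section above repeats, given as an added example that is not part of the Hdiv project. It confirms that `InitListener` and `ValidatorFilter` are declared and lists the servlets the filter mapping does not reach, since a `<filter-mapping>` applies only to the servlet name or URL pattern it names. The sample descriptor, `ReportServlet` and the function name `audit_web_xml` are constructed for illustration.

```python
import xml.etree.ElementTree as ET
HDIV_LISTENER = "org.hdiv.listener.InitListener"
HDIV_FILTER = "org.hdiv.filter.ValidatorFilter"
# Constructed sample descriptor. "ReportServlet" and its URL are hypothetical,
# added to show a servlet that the Hdiv filter mapping does not reach.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <listener><listener-class>org.hdiv.listener.InitListener</listener-class></listener>
  <filter><filter-name>ValidatorFilter</filter-name>
          <filter-class>org.hdiv.filter.ValidatorFilter</filter-class></filter>
  <filter-mapping><filter-name>ValidatorFilter</filter-name>
                  <servlet-name>SampleMvc</servlet-name></filter-mapping>
  <servlet><servlet-name>SampleMvc</servlet-name></servlet>
  <servlet><servlet-name>ReportServlet</servlet-name></servlet>
  <servlet-mapping><servlet-name>SampleMvc</servlet-name>
                   <url-pattern>/</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>ReportServlet</servlet-name>
                   <url-pattern>/reports/*</url-pattern></servlet-mapping>
</web-app>"""

def _texts(parent, tag):  # stripped text of each direct child <tag>
    return {(e.text or "").strip() for e in parent.findall(tag)}

def audit_web_xml(xml_text):
    root = ET.fromstring(xml_text)
    for el in root.iter():  # drop namespaces so plain tag names match
        el.tag = el.tag.rsplit("}", 1)[-1]
    listener = any(HDIV_LISTENER in _texts(l, "listener-class")
                   for l in root.iter("listener"))
    names = set()  # filter-name(s) bound to the Hdiv filter class
    for f in root.iter("filter"):
        if HDIV_FILTER in _texts(f, "filter-class"):
            names |= _texts(f, "filter-name")
    by_servlet, by_url = set(), set()
    for m in root.iter("filter-mapping"):
        if _texts(m, "filter-name") & names:
            by_servlet |= _texts(m, "servlet-name")
            by_url |= _texts(m, "url-pattern")
    urls = {}  # servlet name -> URL patterns from <servlet-mapping>
    for sm in root.iter("servlet-mapping"):
        for n in _texts(sm, "servlet-name"):
            urls.setdefault(n, set()).update(_texts(sm, "url-pattern"))
    unfiltered = set()
    for s in root.iter("servlet"):
        for n in _texts(s, "servlet-name"):
            # Conservative: only a name match, "/*", or identical patterns count.
            if not (n in by_servlet or "*" in by_servlet or "/*" in by_url
                    or (urls.get(n) and urls[n] <= by_url)):
                unfiltered.add(n)
    return {"listener": listener, "filter": bool(names), "unfiltered": sorted(unfiltered)}
```

Pattern overlap (for example `*.do` against `/app/*`) is not computed, so a servlet reported as unfiltered is a prompt to review its mapping by hand.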
## Configuration
Hdiv configuration is based on Spring configuration. Hdiv has a custom schema to reduce the configuration tasks. First of all we need a Spring configuration file to add Hdiv configuration.
From Hdiv version 2.1.7, it is possible to configure Hdiv in Java instead of XML.
```java
@Configuration
@EnableHdivWebSecurity
public class HdivSecurityConfig extends HdivWebSecurityConfigurerAdapter {

    @Override
    public void configure(SecurityConfigBuilder builder) {
        // Configuration options
    }
}
```
All the configuration options are described in the [technical documentation](https://hdivsecurity.com/docs/installation/library-setup/).
## How to build your own Hdiv jar
Clone this repository and build jar files (you'll need Git and Maven installed):
```shell
# GitHub no longer serves the unauthenticated git:// protocol; clone over HTTPS
git clone https://github.com/hdiv/hdiv.git
cd hdiv
mvn install
```
The jars will be created in a folder named ```target``` and installed in local Maven repository.
## Do you need help?
If you have questions or problems, please [open an issue](https://github.com/hdiv/hdiv/issues) on this repository (hdiv/hdiv) or contact us at support@hdivsecurity.com
## License
Hdiv is released under version 2.0 of the [Apache License](http://www.apache.org/licenses/LICENSE-2.0).
## Profiler
JProfiler is kindly supporting Hdiv open source project with its full-featured Java Profiler.
Take a look at JProfiler's leading software products: [Java Profiler](http://www.ej-technologies.com/products/jprofiler/overview.html)