guardrailsio / Awesome Java Security
Awesome Java Security Resources
A curated list of awesome Java security-related resources.
List inspired by the awesome list thing.
Supported by: GuardRails.io
Contents
Tools
Web Framework Hardening
- Apache Shiro - A powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.
- JJWT - Java JWT: JSON Web Token for Java and Android.
- OWASP ESAPI Java - Enterprise Security API is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.
- PAC4J - Security engine for Java to authenticate users, get their profiles and manage authorizations in order to secure web applications and web services.
- Spring Security - A powerful and highly customizable authentication and access-control framework.
- Spring Security OAuth - Support for adding OAuth1(a) and OAuth2 features (consumer and provider) for Spring web applications. Note that this project has reached end of life; new work should use the OAuth2 client, resource-server and authorization-server support that now ships with Spring Security itself.
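Added example, not taken from the list above or from the Spring project: a minimal Spring Security 6 configuration that shows the hardening the frameworks in this section are meant to enforce, namely deny-by-default authorization, CSRF protection left on, and a Content-Security-Policy response header. The class name, the URL patterns, the role name and the CSP value are assumptions for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical application configuration (assumes the Spring Security 6.x lambda DSL).
@Configuration
@EnableWebSecurity
public class HardenedSecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // Deny by default: only the listed paths are anonymous, everything else needs an
            // authenticated principal. Allow-rules come first; anyRequest().authenticated()
            // last, so a newly added endpoint is protected until someone opens it on purpose.
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/", "/public/**", "/css/**").permitAll()
                .requestMatchers("/admin/**").hasRole("ADMIN")
                .anyRequest().authenticated())
            // CSRF protection is on by default; stating it explicitly documents the intent,
            // and a later csrf(c -> c.disable()) then stands out in code review.
            .csrf(Customizer.withDefaults())
            // Spring already sends X-Content-Type-Options, cache-control headers and HSTS
            // (over TLS); a CSP is added so injected script cannot execute or frame the app.
            .headers(headers -> headers
                .contentSecurityPolicy(csp -> csp
                    .policyDirectives("default-src 'self'; object-src 'none'; frame-ancestors 'none'")))
            // Form login with the framework's generated page; replace with your own view.
            .formLogin(Customizer.withDefaults())
            .logout(Customizer.withDefaults());
        return http.build();
    }
}
```

The order of the `requestMatchers` rules matters: the first matching rule wins, so the more specific `/admin/**` rule must precede the catch-all, and the catch-all must never be `permitAll()`.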
Multi tools
- hawkeye - Multi-purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
- GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.
Static Code Analysis
- Spotbugs - SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
- Find Security Bugs - SpotBugs plugin for security audits of Java web applications and Android applications.
- Detect Secrets - An enterprise-friendly way of detecting and preventing secrets in code.
- Gitrob - Gitrob is a tool to help find potentially sensitive files pushed to public repositories on GitHub.
- Sonarqube - SonarQube provides the capability to show the health of an application and highlight newly introduced issues.
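Added example, not code from any of the projects listed above: the kind of defect a SpotBugs run with the Find Security Bugs plugin reports. The first method splices untrusted input into SQL text, which the plugin flags under its SQL injection patterns (`SQL_INJECTION_JDBC`); the second passes the value as a bound parameter and is not reported. The class, table and column names are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Hypothetical DAO used to illustrate what a static analyzer looks for.
public class UserLookup {

    // VULNERABLE: the query text is built from a method parameter, so an input such as
    // x' OR '1'='1 changes the structure of the statement instead of being data.
    // Find Security Bugs traces the parameter into Statement.executeQuery and reports
    // SQL_INJECTION_JDBC on this call.
    public static String findEmailUnsafe(Connection db, String username) throws SQLException {
        String sql = "SELECT email FROM users WHERE name = '" + username + "'";
        try (Statement st = db.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            return rs.next() ? rs.getString("email") : null;
        }
    }

    // HARDENED: the SQL text is a compile-time constant and the value travels as a bound
    // parameter, so the driver never interprets it as SQL. The analyzer sees a constant
    // query string reaching prepareStatement and stays silent.
    public static String findEmail(Connection db, String username) throws SQLException {
        final String sql = "SELECT email FROM users WHERE name = ?";
        try (PreparedStatement ps = db.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("email") : null;
            }
        }
    }
}
```

Running the analyzer in the build (the SpotBugs Maven or Gradle plugin with `findsecbugs-plugin` registered as a plugin) and failing the build on findings is what turns this from a one-off audit into a gate; the pattern name above is also what you would reference in a `@SuppressFBWarnings` annotation for a reviewed false positive.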
Runtime Analysis
- Code Pulse - Code Pulse is a real-time code coverage tool for penetration testing activities.
- OWASP ZAP - Helps automatically find security vulnerabilities in your web applications.
- Contrast Community Edition - Free runtime protection and vulnerability detection tool, identifying issues in running applications.
Vulnerabilities and Security Advisories
- OWASP Dependency-Check - Detects publicly disclosed vulnerabilities in application dependencies.
- Snyk - CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies.
- Snyk Vulnerability DB - Commercial but free listing of known vulnerabilities in libraries.
- Common Vulnerabilities and Exposures - Vulnerabilities that were assigned a CVE. Covers the language and packages.
- National Vulnerability Database - Java known vulnerabilities in the National Vulnerability Database.
- Contrast Community Edition - Free tool to locate CVEs and outdated dependencies in libraries.
Cryptography
- Bouncy Castle - Java implementation of cryptographic algorithms.
- Conscrypt - Java Security Provider that implements parts of the Java Cryptography Extension and Java Secure Socket Extension.
- Cryptomator - Multi-platform transparent client-side encryption of your files in the cloud.
- Keyczar - Easy-to-use crypto toolkit by Google. Now deprecated by Google, which recommends Tink instead.
- Keywhiz - System for distributing and managing secrets.
- Tink - Multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
- ACME4J - Java ACME client for issuing X.509 certificates using Let's Encrypt or another ACME based CA.
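Added example, not code from any of the libraries listed above: authenticated encryption with AES-256-GCM using only the JDK's JCA, written out with the details that a library such as Tink handles for you (a fresh 96-bit nonce per message, a full 128-bit tag, associated data, and tag verification before any plaintext is released). Seeing those steps explicitly is the point; the class name and the sample associated-data string are assumptions.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Hypothetical helper showing what an AEAD wrapper must get right.
public final class AesGcmBox {
    private static final int NONCE_BYTES = 12;   // 96-bit nonce, the size GCM is specified for
    private static final int TAG_BITS = 128;     // never truncate the authentication tag
    private static final SecureRandom RNG = new SecureRandom();

    private final SecretKey key;

    public AesGcmBox(SecretKey key) { this.key = key; }

    public static SecretKey newKey() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        return kg.generateKey();
    }

    // Output layout: nonce || ciphertext || tag. A fresh random nonce for every call is
    // mandatory: reusing a nonce under the same key leaks the XOR of the two plaintexts
    // and lets an attacker forge tags for that key.
    public byte[] encrypt(byte[] plaintext, byte[] associatedData) throws GeneralSecurityException {
        byte[] nonce = new byte[NONCE_BYTES];
        RNG.nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(associatedData);          // authenticated, not encrypted
        byte[] ct = c.doFinal(plaintext);     // ciphertext with the tag appended
        return ByteBuffer.allocate(nonce.length + ct.length).put(nonce).put(ct).array();
    }

    // The tag is checked before any plaintext is returned; a changed byte anywhere in
    // nonce, ciphertext, tag or associated data results in AEADBadTagException.
    public byte[] decrypt(byte[] blob, byte[] associatedData) throws GeneralSecurityException {
        if (blob.length < NONCE_BYTES + TAG_BITS / 8) {
            throw new GeneralSecurityException("ciphertext too short");
        }
        ByteBuffer in = ByteBuffer.wrap(blob);
        byte[] nonce = new byte[NONCE_BYTES];
        in.get(nonce);
        byte[] ct = new byte[in.remaining()];
        in.get(ct);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(associatedData);
        return c.doFinal(ct);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        AesGcmBox box = new AesGcmBox(newKey());
        // Constructed sample: bind the ciphertext to a context so it cannot be replayed elsewhere.
        byte[] aad = "user=42;purpose=session".getBytes(StandardCharsets.UTF_8);
        byte[] blob = box.encrypt("hello".getBytes(StandardCharsets.UTF_8), aad);
        System.out.println(new String(box.decrypt(blob, aad), StandardCharsets.UTF_8));

        blob[blob.length - 1] ^= 0x01;        // flip one bit of the tag
        try {
            box.decrypt(blob, aad);
        } catch (AEADBadTagException e) {
            System.out.println("tamper detected");
        }
    }
}
```

Tink's `Aead` primitive performs exactly these steps behind `encrypt(plaintext, associatedData)` and additionally manages key rotation through keysets, which is why it is the recommended default when you do not need a raw primitive.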
Educational
Hacking Playground
- BodgeIt Store - A vulnerable web application aimed at people who are new to pen testing.
- OWASP Benchmark - A Java test suite designed to verify the speed and accuracy of vulnerability detection tools.
- Security Shepherd - Web and mobile application security training platform.
- WebGoat - A deliberately insecure Java Web Application.
Articles, Guides & Talks
- Java Platform, Standard Edition Security Developer's Guide - This guide covers the major Java Standard Edition security components: Java Cryptography Architecture (JCA), Java Authentication and Authorization Service (JAAS) and Java Secure Socket Extension (JSSE).
- Application Security Verification Standard - (PDF) The standard is a list of application security requirements that can be used by developers.
- Spring Security CSRF - A Guide to CSRF Protection in Spring Security.
- Secure Coding Guidelines - Secure Coding Guidelines for Java SE.
- Securing a Web Application - This guide walks you through the process of creating a simple web application with resources that are protected by Spring Security.
- Spring Security Guides - Step by step guides on how to use Spring Security.
- Prevent cross-site scripting (XSS) attacks - This article explains how XSS attacks work and suggests a methodology to block XSS attacks.
- Java Security Resource Center - A collection of security details for different users of the Java Platform.
Practices
- Encrypting with SSL/TLS - Step-by-step guide for encrypting client and server communication.
Specifications
- JSR 115: Java Authorization Contract for Containers
- JSR 196: Java Authentication Service Provider Interface for Containers
- JSR 375: Java EE Security API
Other
Reporting Bugs
Contributing
Found an awesome project, package, article, or another type of resource related to Java Security? Open a pull request! Just follow the guidelines. Thank you!
License