Skip to content

An ongoing collection of java language tools and frameworks, software, libraries, learning tutorials, frameworks, academic and practical resources.

License

Notifications You must be signed in to change notification settings

paulveillard/cybersecurity-java-security

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Java Security

Welcome to the World of Java:

An ongoing collection of java language tools and frameworks, software, libraries, learning tutorials, frameworks, academic and practical resources. Thanks to all contributors, you're awesome and wouldn't be possible without you! Our goal is to build a categorized community-driven collection of very well-known resources.

java

Table of Contents

Tools

Web Framework Hardening

  • Apache Shiro - A powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.
  • JJWT - Java JWT: JSON Web Token for Java and Android.
  • OWASP ESAPI Java - Enterprise Security API is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.
  • PAC4J - Security engine for Java to authenticate users, get their profiles and manage authorizations in order to secure web applications and web services.
  • Spring Security - A powerful and highly customizable authentication and access-control framework.
  • Spring Security Oauth - Support for adding OAuth1(a) and OAuth2 features (consumer and provider) for Spring web applications.

Multi tools

  • hawkeye - Multi-purpose security/vulnerability/risk scanning tool supporting Ruby, Node.js, Python, PHP and Java.
  • GuardRails - A GitHub App that gives you instant security feedback in your Pull Requests.

Static Code Analysis

  • Spotbugs - SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
  • Find Security Bugs - SpotBugs plugin for security audits of Java web applications and Android applications.
  • Detect Secrets - An enterprise friendly way of detecting and preventing secrets in code.
  • Gitrob - Gitrob is a tool to help find potentially sensitive files pushed to public repositories on Github.
  • Sonarqube - SonarQube provides the capability to show the health of an application and highlight newly introduced issues.
  • Oversecured - A static analyzer for Android apps (APK files), searches for security vulnerabilities. Contains 90+ vulnerability categories.

Runtime Analysis

  • Code Pulse - Code Pulse is a real-time code coverage tool for penetration testing activities.
  • OWASP ZAP - Helps automatically find security vulnerabilities in your web applications.
  • Contrast Community Edition - Free runtime protection and vulnerability detection tool, identifying issues in running applications.

Vulnerabilities and Security Advisories

Cryptography

  • Bouncy Castle - Java implementation of cryptographic algorithms.
  • Conscrypt - Java Security Provider that implements parts of the Java Cryptography Extension and Java Secure Socket Extension.
  • Cryptomator - Multi-platform transparent client-side encryption of your files in the cloud.
  • Keyczar - Easy-to-use crypto toolkit by Google.
  • Keywhiz - System for distributing and managing secrets.
  • Tink - Multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
  • ACME4J - Java ACME client for issuing X.509 certificates using Let's Encrypt or another ACME based CA.

Educational

Hacking Playground

  • BodgeIt Store - A vulnerable web application aimed at people who are new to pen testing.
  • OWASP Benchmark - A Java test suite designed to verify the speed and accuracy of vulnerability detection tools.
  • Security Shepherd - Web and mobile application security training platform.
  • WebGoat - A deliberately insecure Java Web Application.

Articles, Guides & Talks

Practices

Specifications

Other

Reporting Bugs

Contributing

Found an awesome project, package, article, or another type of resources related to Java Security? Open a pull request!

License

MIT License & cc license

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

To the extent possible under law, Paul Veillard has waived all copyright and related or neighboring rights to this work. Just follow the guidelines. Thank you!

About

An ongoing collection of java language tools and frameworks, software, libraries, learning tutorials, frameworks, academic and practical resources.

Topics

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published