GitHub - guardrailsio/awesome-java-security: Awesome Java Security Resources
guardrailsio/awesome-java-security Public
Awesome Java Security Resources 🕶 ☕ 🔐
Contents
Tools
Educational
Other
Tools
https://github.com/guardrailsio/awesome-java-security 1/5
Web Framework Hardening
14/11/2024, 21:41 GitHub - guardrailsio/awesome-java-security: Awesome Java Security Resources
Apache Shiro - A powerful and easy-to-use Java security framework that performs
authentication, authorization, cryptography, and session management.
JJWT - Java JWT: JSON Web Token for Java and Android.
OWASP ESAPI Java - Enterprise Security API is a free, open source, web application
security control library that makes it easier for programmers to write lower-risk
applications.
PAC4J - Security engine for Java to authenticate users, get their profiles and manage
authorizations in order to secure web applications and web services.
Spring Security - A powerful and highly customizable authentication and access-control
framework.
Spring Security Oauth - Support for adding OAuth1(a) and OAuth2 features (consumer
and provider) for Spring web applications.
Multi tools
hawkeye - Multi-purpose security/vulnerability/risk scanning tool supporting Ruby,
Node.js, Python, PHP and Java.
GuardRails - A GitHub App that gives you instant security feedback in your Pull
Requests.
Static Code Analysis
Spotbugs - SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs
in Java code.
Find Security Bugs - SpotBugs plugin for security audits of Java web applications and
Android applications.
Detect Secrets - An enterprise friendly way of detecting and preventing secrets in code.
Gitrob - Gitrob is a tool to help find potentially sensitive files pushed to public
repositories on GitHub.
Sonarqube - SonarQube provides the capability to show the health of an application and
highlight newly introduced issues.
Oversecured - A static analyzer for Android apps (APK files), searches for security
vulnerabilities. Contains 90+ vulnerability categories.
Bearer - A static code security analyzer to discover, filter and prioritize security and
privacy risks.
Runtime Analysis
Code Pulse - Code Pulse is a real-time code coverage tool for penetration testing
activities.
OWASP ZAP - Helps automatically find security vulnerabilities in your web applications.
Contrast Community Edition - Free runtime protection and vulnerability detection tool,
identifying issues in running applications.
Vulnerabilities and Security Advisories
OWASP Dependency-Check - Detects publicly disclosed vulnerabilities in application
dependencies.
Snyk - CLI and build-time tool to find & fix known vulnerabilities in open-source
dependencies.
Snyk Vulnerability DB - Commercial but free listing of known vulnerabilities in libraries.
Common Vulnerabilities and Exposures - Vulnerabilities that were assigned a CVE.
Covers the language and packages.
National Vulnerability Database - Java known vulnerabilities in the National Vulnerability
Database.
Contrast Community Edition - Free tool to locate CVEs and outdated dependencies in
libraries.
Cryptography
Bouncy Castle - Java implementation of cryptographic algorithms.
Conscrypt - Java Security Provider that implements parts of the Java Cryptography
Extension and Java Secure Socket Extension.
Cryptomator - Multi-platform transparent client-side encryption of your files in the
cloud.
Keyczar - Easy-to-use crypto toolkit by Google.
Keywhiz - System for distributing and managing secrets.
Tink - Multi-language, cross-platform library that provides cryptographic APIs that are
secure, easy to use correctly, and hard(er) to misuse.
ACME4J - Java ACME client for issuing X.509 certificates using Let's Encrypt or another
ACME based CA.
Educational
Hacking Playground
BodgeIt Store - A vulnerable web application aimed at people who are new to pen
testing.
OWASP Benchmark - A Java test suite designed to verify the speed and accuracy of
vulnerability detection tools.
Security Shepherd - Web and mobile application security training platform.
WebGoat - A deliberately insecure Java Web Application.
Articles, Guides & Talks
Java Platform, Standard Edition Security Developer’s Guide - This guide covers major
Java Standard Edition security components: Java Cryptography Architecture (JCA), Java
Authentication and Authorization Service (JAAS) and Java Secure Socket Extensions
(JSSE)
Application Security Verification Standard - (PDF) The standard is a list of application
security requirements that can be used by developers.
Spring Security CSRF - A Guide to CSRF Protection in Spring Security.
Secure Coding Guidelines - Secure Coding Guidelines for Java SE
Securing a Web Application - This guide walks you through the process of creating a
simple web application with resources that are protected by Spring Security.
Spring Security Guides - Step by step guides on how to use Spring Security.
Prevent cross-site scripting (XSS) attacks - This article explains how XSS attacks work
and suggests a methodology to block XSS attacks.
Java Security Resource Center - A collection of security details for different users of the
Java Platform.
Practices
Encrypting with SSL/TLS - Step by step guide for encrypting client and server
communication
Specifications
JSR 115: Java Authorization Contract for Containers
JSR 196: Java Authentication Service Provider Interface for Containers
JSR 375: Java EE Security API
Other
Reporting Bugs
Java Security Reporting
Contributing
Found an awesome project, package, article, or another type of resource related to Java
Security? Open a pull request! Just follow the guidelines. Thank you!
License