jjwt
owasp-zap-jwt-addon
jjwt | owasp-zap-jwt-addon |
---|---|
4 | 6 |
9,833 | 28 |
1.3% | - |
8.3 | 1.6 |
8 days ago | 11 months ago |
Java | Java |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
jjwt
- Java JWT: JSON Web Token for Java and Android
- A simple to use Java 8 JWT Library. Verify, Sign, Encode, Decode all day.
  How does this compare to JJWT?
- Null ECDSA Signatures - Proof of concept for bypassing JWT signature checks using CVE-2022-21449
  Note that this PoC uses a DER signature, which is accepted by the jjwt library as a fallback (see https://github.com/jwtk/jjwt/blob/master/impl/src/main/java/io/jsonwebtoken/impl/crypto/EllipticCurveSignatureValidator.java ), but that is not a standard. The standard is the JOSE format.
- JWT authentication in Spring Security and Angular
  There are many open-source JWT implementations available for all languages. In this blog post, we use the Java jjwt library.
owasp-zap-jwt-addon
- Hacktoberfest'21
- Hacktoberfest Interesting tasks for contribution
- Owasp VulnerableApp: A VulnerableApplication to help scanner evaluate themselves and also for students to learn about vulnerabilities.
- Owasp ZAP JWT addon for finding vulnerabilities in JWT implementations.
- Scanning and Fuzzing JWT's
  In case you are interested in the project, visit: https://github.com/SasanLabs/owasp-zap-jwt-addon
What are some alternatives?
jwt-java - JSON Web Token implementation for Java according to RFC 7519. Easily create, parse and validate JSON Web Tokens using a fluent API.
ZAP - The ZAP core project
Nimbus JOSE+JWT - JSON Web Token (JWT) implementation for Java with support for signatures (JWS), encryption (JWE) and web keys (JWK).
VulnerableApp - OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
Spring Security - Spring Security
owasp-zap-fileupload-addon - OWASP ZAP add-on for finding vulnerabilities in File Upload functionality.
Bouncy Castle - Bouncy Castle Java Distribution (Mirror)
crAPI - completely ridiculous API (crAPI)
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
VulnerableApp-facade - VulnerableApp-facade is probably most modern lightweight distributed farm of Vulnerable Applications built for handling wide range of vulnerabilities across tech stacks.
java-jwt-benchmark - Project for benchmarking popular Json Web Token (JWT) frameworks for Java using JMH.
java-jwt - Java implementation of JSON Web Token (JWT)