Top 23 Java Security Projects
Open Source Identity and Access Management For Modern Applications and ServicesProject mention: Best Authentication and Authorization practices | reddit.com/r/dotnet | 2021-10-20
There is also https://www.keycloak.org/ as another FOSS option.
The OWASP ZAP core projectProject mention: Awesome Penetration Testing | dev.to | 2021-10-06
OWASP Zed Attack Proxy (ZAP) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
Run Linux Software Faster and Safer than Linux with Unikernels.
Java JWT: JSON Web Token for Java and Android
Multi-platform transparent client-side encryption of your files in the cloudProject mention: Considering Upgrading to W11, worrying about files | reddit.com/r/Windows11 | 2021-10-21
Spring SecurityProject mention: How to ignore Url from Once per request filter | reddit.com/r/javahelp | 2021-05-12
You can extract (and validate) the JWT token into the Principal by implementing the getPreAuthenticatedPrincipal method, and map the claims to user details by providing through a custom implementation of AuthenticationUserDetailsService.
Free and open source log managementProject mention: Building a SOC from scratch | reddit.com/r/cybersecurity | 2021-10-20
The current school of thought is that the more consoles you have to look at, the more you'll miss. So we try to get everything in one place. Splunk is very popular in places that have the budget to spend, but functionally it's mostly a very polished ELK stack. If you're cost constrained, there are a lot of good ELK advice - mine is that a good friend of mine swears by Graylog and that's where I would start.
Apache ShiroProject mention: Apache Shiro | news.ycombinator.com | 2021-08-19
Scout APM: A developer's best friend. Try free for 14-days. Scout APM uses tracing logic that ties bottlenecks to source code so you know the exact line of code causing performance issues and can get back to building a great product faster.
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.Project mention: Does anybody know any good materials for java defensive coding please?. | reddit.com/r/java | 2021-06-19
DependencyCheck is an open source tool that checks for vulnerabilities in dependencies used within a project. While it is a reactive tool, it's an important one since the code a developer writes is not the only code an application uses.
Open source alternative to Auth0 / Firebase Auth / AWS CognitoProject mention: Open source alternative to Keycloak and Ory for user auth | reddit.com/r/golang | 2021-10-08
From what I see, SuperTokens is Open Source too. https://github.com/supertokens/supertokens-core
An Android NFC app for reading, writing, analyzing, etc. MIFARE Classic RFID tags.Project mention: Help With Mifare Classic Tags | reddit.com/r/NFC | 2021-02-17
Note that some phones that don't have a NFC chip made by NXP don't fully support Mifare Classic tags. See this list and this one.
A system for distributing and managing secrets
Fully featured, open source, privacy friendly email app for AndroidProject mention: K-9 Mail vs FairEmail | reddit.com/r/PrivacyGuides | 2021-10-22
I've used both K-9 and FairEmail. I prefer FairEmail.
Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)Project mention: Looking for a Static Code Analysis tool for Scala Code | reddit.com/r/cybersecurity | 2021-08-28
If you don’t have checkmarx/Vera code money, have you looked at https://find-sec-bugs.github.io/? It can be used with a few things such as https://spotbugs.github.io/ and sonarQ
Signal Protocol library for Java/AndroidProject mention: Facebook will verschlüsselte WhatsApp Nachrichten analysieren | reddit.com/r/de_EDV | 2021-08-05
Bouncy Castle Java Distribution (Mirror)Project mention: Java - Bouncy castle - OpenPGP | reddit.com/r/crypto | 2021-05-19
An authorization library that supports access control models like ACL, RBAC, ABAC in JavaProject mention: Casbin: An authorization library that supports access control models like ACL, RBAC, ABAC in Java | reddit.com/r/java | 2021-04-08
A p2p, secure file storage, social network and application protocolProject mention: “With HTTP, you search for locations. With IPFS, you search for content.” | news.ycombinator.com | 2021-10-17
Peergos is an interesting human-friendly project built on top of IPFS. Works great so far.
Of interest: they provide a trustless way to store your data encrypted data on centralised boxes (S3, Backblaze) if you want.
Nzyme is a free and open next-generation WiFi defense system. Go to www.nzyme.org for more information.Project mention: Nzyme – open-source next-generation WiFi defense system | news.ycombinator.com | 2021-10-04
Java library for secure, distributed, P2P-based file synchronization and sharing.Project mention: Libgdx, box2d local multiplayer? | reddit.com/r/gamedev | 2021-07-11
Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
The best authentication plugin for the Bukkit/Spigot API!Project mention: Online mode = false // Any way to configure it to allow Premium skins? | reddit.com/r/admincraft | 2021-01-19
AuthMe Reloaded has this option if I remember correctly. Link: https://github.com/AuthMe/AuthMeReloaded
Advanced Graphical User Interface for NMapProject mention: Network Scan | reddit.com/r/msp | 2021-01-06
With nmap scan results, it's up to you to convert the data to anything other than text. Zenmap is a GUI frontend for the scanner, and can do a bit of graphic mapping, but it's really showing its age. https://github.com/danicuestasuarez/NMapGUI might be a better use of your time.
What are some of the best open-source Security projects in Java? This list will help you:
Are you hiring? Post a new remote job listing for free.