Top 23 Java Security Projects
Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.Project mention: Storing Sensitive Information in Django | reddit.com/r/django | 2021-03-14
Open Source Identity and Access Management For Modern Applications and ServicesProject mention: Are there PHP-based SSO / OAuth / SAML / CAS providers that I can easily self-host and manage graphically on cPanel shared hosting ? | reddit.com/r/selfhosted | 2021-04-09
What you are looking for is an Identity Provider or IdP. As far as self hostable solutions go, Keycloak is going to be your best bet. I’m not aware of any IdPs that are written in PHP and can match the features of Keycloak.
Scout APM - Leading-edge performance monitoring starting at $39/month. Scout APM uses tracing logic that ties bottlenecks to source code so you know the exact line of code causing performance issues and can get back to building a great product faster.
The OWASP ZAP core projectProject mention: Any fiddler-like program which can debug the request I sent ? | reddit.com/r/scrapy | 2021-03-09
What you are looking for is a "man in the middle (MITM)" proxy, and my favorite is ZAP, although the appropriately named mitmproxy is also very popular
Java JWT: JSON Web Token for Java and AndroidProject mention: JWT authentication in Spring Security and Angular | dev.to | 2020-09-14
There are many open-source JWT implementations available for all languages. In this blog post, we use Java jjwt library in this blog post.
Free and open source log managementProject mention: AWS releases forked Elasticsearch code. Announces new name: OpenSearc | news.ycombinator.com | 2021-04-12
Multi-platform transparent client-side encryption of your files in the cloudProject mention: Encrypt your files with this open source software | Opensource.com | reddit.com/r/linux | 2021-04-13
For small vaults you can use Cryptomator, https://cryptomator.org/ . It works nicely also for cloud options.
Apache ShiroProject mention: Libraries, Frameworks and Technologies you would NOT recommend | reddit.com/r/java | 2021-04-13
Apache Shiro is another security framework. I haven't tried it out myself, but I was sorely tempted to when trying to set up Spring Security.
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.Project mention: Weekly Developer Roundup #16 - Sun Oct 04 2020 | dev.to | 2020-10-03
jeremylong/DependencyCheck (Java): OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
A system for distributing and managing secrets
An Android NFC app for reading, writing, analyzing, etc. MIFARE Classic RFID tags.Project mention: Help With Mifare Classic Tags | reddit.com/r/NFC | 2021-02-17
Note that some phones that don't have a NFC chip made by NXP don't fully support Mifare Classic tags. See this list and this one.
Open source alternative to Auth0 / Firebase Auth / AWS CognitoProject mention: Okta to Acquire Auth0 for $6.5B | news.ycombinator.com | 2021-03-03
Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)Project mention: Design an Effective Build Stage for Continuous Integration | dev.to | 2021-04-08
Find Security Bugs uses a security database to detect almost 140 different vulnerability types in Java web applications.
Signal Protocol library for Java/AndroidProject mention: Question about Signal API | reddit.com/r/signal | 2021-02-07
Signal Protocol Java library
Bouncy Castle Java Distribution (Mirror)Project mention: Dozens sue Amazon's Ring after camera hack leads to threats and racial slurs | reddit.com/r/technology | 2020-12-23
Recently there was a constant time enhancement in bouncy castle that added a comparison using indexOf instead of charAt. Fairly easy to overlook, although glaring in hindsight, if there are no negative tests covering the functionality.
An authorization library that supports access control models like ACL, RBAC, ABAC in JavaProject mention: Casbin: An authorization library that supports access control models like ACL, RBAC, ABAC in Java | reddit.com/r/java | 2021-04-08
A p2p, secure file storage, social network and application protocol (by Peergos)Project mention: Zero Data App | news.ycombinator.com | 2021-03-06
If you're looking for secure sharing of private data on IPFS you should check out Peergos . Disclaimer - I'm a co-founder. The model there is each user needs at least one Peergos instance storing their data, normally their home-server. We've designed it so that people should never have to see an encryption key, or cryptographic hash, nor know what pinning is. As far as apps go, we plan to build a sandbox and api in the browser for running untrusted apps served directly from Peergos which you can grant fine grained permissions to your data in Peergos. The sandbox here would be designed so an app couldn't even exfiltrate data via loading an external img tag.
Nzyme is a free and open next-generation WiFi defense system. Go to www.nzyme.org for more information.Project mention: My Inlaws Wifi Is Being Spoofed By Their | reddit.com/r/techsupport | 2020-12-31
Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Advanced Graphical User Interface for NMapProject mention: Network Scan | reddit.com/r/msp | 2021-01-06
With nmap scan results, it's up to you to convert the data to anything other than text. Zenmap is a GUI frontend for the scanner, and can do a bit of graphic mapping, but it's really showing its age. https://github.com/danicuestasuarez/NMapGUI might be a better use of your time.
The best authentication plugin for the Bukkit/Spigot API!Project mention: Online mode = false // Any way to configure it to allow Premium skins? | reddit.com/r/admincraft | 2021-01-19
AuthMe Reloaded has this option if I remember correctly. Link: https://github.com/AuthMe/AuthMeReloaded
OpenPGP for Android
What are some of the best open-source Security projects in Java? This list will help you: