Java Security

Open-source Java projects categorized as Security

Top 23 Java Security Projects

  • GitHub repo Tink

    Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

    Project mention: Storing Sensitive Information in Django | | 2021-03-14
  • GitHub repo Keycloak

    Open Source Identity and Access Management For Modern Applications and Services

    Project mention: Are there PHP-based SSO / OAuth / SAML / CAS providers that I can easily self-host and manage graphically on cPanel shared hosting ? | | 2021-04-09

    What you are looking for is an Identity Provider or IdP. As far as self hostable solutions go, Keycloak is going to be your best bet. I’m not aware of any IdPs that are written in PHP and can match the features of Keycloak.

  • GitHub repo Zed

    The OWASP ZAP core project

    Project mention: Any fiddler-like program which can debug the request I sent ? | | 2021-03-09

    What you are looking for is a "man in the middle (MITM)" proxy, and my favorite is ZAP, although the appropriately named mitmproxy is also very popular

  • GitHub repo jjwt

    Java JWT: JSON Web Token for Java and Android

    Project mention: JWT authentication in Spring Security and Angular | | 2020-09-14

    There are many open-source JWT implementations available for all languages. In this blog post, we use Java jjwt library in this blog post.

  • GitHub repo Spring Security

    Spring Security

  • GitHub repo graylog

    Free and open source log management

    Project mention: AWS releases forked Elasticsearch code. Announces new name: OpenSearc | | 2021-04-12
  • GitHub repo Cryptomator

    Multi-platform transparent client-side encryption of your files in the cloud

    Project mention: Encrypt your files with this open source software | | | 2021-04-13

    For small vaults you can use Cryptomator, . It works nicely also for cloud options.

  • GitHub repo Apache Shiro

    Apache Shiro

    Project mention: Libraries, Frameworks and Technologies you would NOT recommend | | 2021-04-13

    Apache Shiro is another security framework. I haven't tried it out myself, but I was sorely tempted to when trying to set up Spring Security.

  • GitHub repo DependencyCheck

    OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

    Project mention: Weekly Developer Roundup #16 - Sun Oct 04 2020 | | 2020-10-03

    jeremylong/DependencyCheck (Java): OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

  • GitHub repo Keywhiz

    A system for distributing and managing secrets

  • GitHub repo MifareClassicTool

    An Android NFC app for reading, writing, analyzing, etc. MIFARE Classic RFID tags.

    Project mention: Help With Mifare Classic Tags | | 2021-02-17

    Note that some phones that don't have a NFC chip made by NXP don't fully support Mifare Classic tags. See this list and this one.

  • GitHub repo SuperTokens Community

    Open source alternative to Auth0 / Firebase Auth / AWS Cognito

    Project mention: Okta to Acquire Auth0 for $6.5B | | 2021-03-03
  • GitHub repo pac4j

    Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

  • GitHub repo find-sec-bugs

    The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

    Project mention: Design an Effective Build Stage for Continuous Integration | | 2021-04-08

    Find Security Bugs uses a security database to detect almost 140 different vulnerability types in Java web applications.

  • GitHub repo libsignal-protocol-java

    Signal Protocol library for Java/Android

    Project mention: Question about Signal API | | 2021-02-07

    Signal Protocol Java library

  • GitHub repo Bouncy Castle

    Bouncy Castle Java Distribution (Mirror)

    Project mention: Dozens sue Amazon's Ring after camera hack leads to threats and racial slurs | | 2020-12-23

    Recently there was a constant time enhancement in bouncy castle that added a comparison using indexOf instead of charAt. Fairly easy to overlook, although glaring in hindsight, if there are no negative tests covering the functionality.

  • GitHub repo jCasbin

    An authorization library that supports access control models like ACL, RBAC, ABAC in Java

    Project mention: Casbin: An authorization library that supports access control models like ACL, RBAC, ABAC in Java | | 2021-04-08
  • GitHub repo Peergos

    A p2p, secure file storage, social network and application protocol (by Peergos)

    Project mention: Zero Data App | | 2021-03-06

    If you're looking for secure sharing of private data on IPFS you should check out Peergos [0][1][2]. Disclaimer - I'm a co-founder. The model there is each user needs at least one Peergos instance storing their data, normally their home-server. We've designed it so that people should never have to see an encryption key, or cryptographic hash, nor know what pinning is. As far as apps go, we plan to build a sandbox and api in the browser for running untrusted apps served directly from Peergos which you can grant fine grained permissions to your data in Peergos. The sandbox here would be designed so an app couldn't even exfiltrate data via loading an external img tag.




  • GitHub repo nzyme

    Nzyme is a free and open next-generation WiFi defense system. Go to for more information.

    Project mention: My Inlaws Wifi Is Being Spoofed By Their | | 2020-12-31
  • GitHub repo play-pac4j

    Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

  • GitHub repo NMapGUI

    Advanced Graphical User Interface for NMap

    Project mention: Network Scan | | 2021-01-06

    With nmap scan results, it's up to you to convert the data to anything other than text. Zenmap is a GUI frontend for the scanner, and can do a bit of graphic mapping, but it's really showing its age. might be a better use of your time.

  • GitHub repo AuthMeReloaded

    The best authentication plugin for the Bukkit/Spigot API!

    Project mention: Online mode = false // Any way to configure it to allow Premium skins? | | 2021-01-19

    AuthMe Reloaded has this option if I remember correctly. Link:

  • GitHub repo apg

    OpenPGP for Android

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2021-04-13.


What are some of the best open-source Security projects in Java? This list will help you:

Project Stars
1 Tink 11,215
2 Keycloak 8,615
3 Zed 8,390
4 jjwt 7,370
5 Spring Security 5,806
6 graylog 5,697
7 Cryptomator 5,238
8 Apache Shiro 3,433
9 DependencyCheck 2,893
10 Keywhiz 2,382
11 MifareClassicTool 2,310
12 SuperTokens Community 2,098
13 pac4j 1,982
14 find-sec-bugs 1,591
15 libsignal-protocol-java 1,528
16 Bouncy Castle 1,393
17 jCasbin 1,360
18 Peergos 909
19 nzyme 703
20 play-pac4j 377
21 NMapGUI 317
22 AuthMeReloaded 308
23 apg 237