Top 4 Java Appsec Projects

ZAP

61 11,965 9.2 Java

The ZAP core project

Project mention: Bruno | news.ycombinator.com | 2024-03-09

I use ZAP [1] with the OAST add-on for this at the moment. I admit the UX isn't perfect, but it serves my purpose.
If I also want control over the responses (e.g. return a 401 status code for every fifth request), I have a custom extender script [2] for that.
[1]: https://www.zaproxy.org/

dependency-track

17 2,303 9.8 Java

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Project mention: SQL Injection Isn't Dead Yet | dev.to | 2024-04-15

To detect these types of vulnerabilities, we should first and foremost know our dependencies and versions, and which of them have vulnerabilities. The OWASP Top 10 2021 identifies this need as A06:2021-Vulnerable and Outdated Components. OWASP has several tools for this, including Dependency Check and Dependency Track. These tools will warn about the use of components with vulnerabilities.

WorkOS

workos.com sponsored

The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
VulnerableApp

16 249 7.3 Java

OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
sechub

1 239 9.7 Java

SecHub provides a central API to test software with different security tools.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2024-04-15.