Top 13 Java Owasp Projects

• dependency-track

  18 2,315 9.8 Java

  Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

  

Project mention: Show HN: Pre-alpha tool for analyzing spdx SBOMs generated by GitHub | news.ycombinator.com | 2024-04-21

I've become interested in SBOM recently, and found there were great tools like https://dependencytrack.org/ for CycloneDX SBOMs, but all I have is SPDX SBOMs generated by GitHub.

I decided to have a go at writing my own dependency track esque tool aiming to integrate with the APIs GitHub provides.

It's pretty limited in functionality so far, but can give a high level summary of the types of licenses your repository dependencies use, and let you drill down into potentially problematic ones.

Written in NextJS + mui + sqlite, and using another project of mine to generate most of the API boilerplate/glue (https://github.com/mnahkies/openapi-code-generator)

• find-sec-bugs

  8 2,204 6.1 Java

  The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

  

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• wrongsecrets

  3 1,117 9.8 Java

  Vulnerable app with examples showing how to not use secrets

  

Project mention: How to Not Use Secrets | news.ycombinator.com | 2023-12-03

• crAPI

  2 956 7.6 Java

  completely ridiculous API (crAPI)

  

Project mention: how do you guys create your swagger file? | /r/bugbounty | 2023-06-26

The swagger file for that is available on their repository here: https://github.com/OWASP/crAPI/blob/develop/openapi-spec/openapi-spec.json

• cyclonedx-maven-plugin

  10 273 8.3 Java

  Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

  

Project mention: Krita fund has 0 corporate support | news.ycombinator.com | 2023-10-05

As others have already commented:

The US government has added SBOMs to a proposed rule to update the Federal Acquisition Regulation. So if you want to sell to the US Government you'll have to provide SBOMs: https://www.federalregister.gov/documents/2023/10/03/2023-21...

Lots of large companies require SBOMs from their supplier.

In the EU we will get the Cyber Resilience Act which will make them mandatory as well in certain cases: https://data.consilium.europa.eu/doc/document/ST-12536-2023-...

And yes, there's bascially two technical standards to provide them: SPDX and CycloneDX: https://cyclonedx.org/

• VulnerableApp

  16 250 7.3 Java

  OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.

  

• semgrep-rules-android-security

  1 203 8.5 Java

  A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.

  

Project mention: Powerful SAST project for Android Application Security | /r/bugbounty | 2023-06-21

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• cyclonedx-gradle-plugin

  6 138 8.3 Java

  Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects

  

• HybridTestFramework

  4 136 9.5 Java

  End to End testing of Web, API, Cloud, Events and Security

Project mention: Cloud Native Testing Framework | news.ycombinator.com | 2024-03-27

• Admin-Panel_Finder

  1 112 0.0 Java

  A burp suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)

• cyclonedx-core-java

  1 68 7.9 Java

  CycloneDX SBOM Model and Utils for Creating and Validating BOMs

  

Project mention: Dependency inventory / dashboard for multiple maven projects | /r/java | 2023-06-08

• owasp-zap-jwt-addon

  6 28 1.6 Java

  OWASP ZAP addon for finding vulnerabilities in JWT Implementations

  

• FileChampion4j

  1 1 9.1 Java

  Powerful and Flexible File Validation Library for Java

Java Owasp related posts

• Cloud Native Testing Framework
  1 project | news.ycombinator.com | 27 Mar 2024
• HybridTestFramework: Cloud Native Testing Framework
  1 project | news.ycombinator.com | 26 Mar 2024
• Dependency-Track
  1 project | news.ycombinator.com | 27 Oct 2023
• Krita fund has 0 corporate support
  7 projects | news.ycombinator.com | 5 Oct 2023
• how do you guys create your swagger file?
  1 project | /r/bugbounty | 26 Jun 2023
• The ultimate guide to Java Security Vulnerabilities (CVE)
  2 projects | /r/java | 29 Dec 2022
• Is there any news about 64 bit Steam?
  1 project | /r/linux_gaming | 26 Nov 2022
• A note from our sponsor - WorkOS
  workos.com | 26 Apr 2024

  The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending Java projects with our weekly report!