Java Security

Open-source Java projects categorized as Security Edit details

Top 23 Java Security Projects

  • Keycloak

    Open Source Identity and Access Management For Modern Applications and Services

    Project mention: Fortifying federated access to AWS via OIDC | | 2022-08-12

    To demonstrate the key differences between OIDC and SAML, I have created a small repo that allows to deploy Keycloak on an EC2 instance and then configure the SAML and OIDC clients to use with AWS. For those unfamiliar with Keycloak, it is an open source Identity and Access Management tool sponsored by RedHat and widely used by many of our customers and ourselves as an identity provider. Among other features, Keycloak supports SAML and OIDC protocols for identity management and provides user federation via LDAP that allows to use it with an existing user base from an Active Directory. After deployment of Keycloak and configuring the SAML and OIDC clients, we can use Keycloak to login into AWS. The SAML login can be performed by going to https://auth.\${TF\_VAR\_root\_dn}/realms/awsfed/protocol/saml/clients/amazon-aws where ${TF_VAR_root_dn} is the subdomain you need to create before the deployment. After entering the credentials for the user testuser that is created by the deployment scripts, we get redirected to the AWS console for the AWS account to which Keycloak has been deployed. If we would have assigned multiple roles to the same Keycloak group (or multiple groups to testuser), a page like the one below would appear (which would look familiar to everyone who already used SAML federation with AWS). If you like to experiment and have deployed everything from the repo, you can go to the network tab of the development tools of the browser, find the saml document there and copy its contents.

  • Zed

    The OWASP ZAP core project

    Project mention: Saving sessions for bug bounty, how important it is? | | 2022-08-11

    I am using ZAP instead of Burp Community because of an option to save session and a few other things, but unfortunately there is a bug or just bad functionality inside ZAP to freeze and takes too long to load existing sessions. There is even an open issue on GitHub from 2015 and still there is no fix for that. What is your opinion and experience with saving sessions for bug bounty, is it important for bug bounty hunting?

  • SonarLint

    Clean code begins in your IDE with SonarLint. Up your coding game and discover issues early. SonarLint is a free plugin that helps you find & fix bugs and security issues from the moment you start writing code. Install from your favorite IDE marketplace today.

  • jjwt

    Java JWT: JSON Web Token for Java and Android

    Project mention: Null ECDSA Signatures - Proof of concept for bypassing JWT signature checks using CVE-2022-21449 | | 2022-04-21

    Note that this PoC uses DER signature which is accepted by the jjwt library as fallback (see ), but that is not a standard. Standard is JOSE format.

  • Cryptomator

    Multi-platform transparent client-side encryption of your files in the cloud

    Project mention: Can MEGA be trusted? | | 2022-08-15

    Yes Sir! But if you really want to secure your files better use Cryptomator.

  • Spring Security

    Spring Security

    Project mention: 🎀 Spring Boot 2.7.0 Released | | 2022-06-21

    Spring Security 5.7

  • SuperTokens Community

    Open source alternative to Auth0 / Firebase Auth / AWS Cognito

    Project mention: Newb Question: how do I keep a user "logged in" on a React site using RESTful API? | | 2022-08-14

    Checkout these reactjs authentication examples implementing different strategies here, using SuperTokens in all of them.

  • graylog

    Free and open source log management

    Project mention: Log Central | | 2022-08-04

    I don't quite understand the window-logic but for logs there are things like Logstash, Loki, Graylog and probably many others that are meant to handle logs.

  • Scout APM

    Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.

  • DependencyCheck

    OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

    Project mention: Gitlab community dependency scanning | | 2022-04-01

    We use OWASP dependency-check and pass reports to SonarQube.

  • Apache Shiro

    Apache Shiro

    Project mention: Reaper 3.0 for Apache Cassandra is available | | 2022-03-15

    Shiro 1.8.0

  • hawk

    ✔️ Secure, simple key-value storage for Android

  • MifareClassicTool

    An Android NFC app for reading, writing, analyzing, etc. MIFARE Classic RFID tags.

    Project mention: [request] A tweak to overwrite 4-but udid of a mifare card | | 2022-08-08

    Following this vulnerability: You can overwrite the UDID on a 4-but mifare card Problem is, the only software it links is for android (

  • Keywhiz

    A system for distributing and managing secrets

    Project mention: Keycloak: Open-Source Identity and Access Management | | 2022-05-04
  • jasypt-spring-boot

    Jasypt integration for Spring boot

    Project mention: How to store sensitive information passwords and etc | | 2022-03-05

    Check out Jasypt Spring Boot Starter.

  • pac4j

    Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

  • find-sec-bugs

    The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

    Project mention: Find Security Bugs | | 2022-02-23
  • jCasbin

    An authorization library that supports access control models like ACL, RBAC, ABAC in Java

  • Bouncy Castle

    Bouncy Castle Java Distribution (Mirror)

    Project mention: Bouncy Castle VS pgpainless - a user suggested alternative | | 2022-08-12
  • Peergos

    A p2p, secure file storage, social network and application protocol

    Project mention: P2P E2EE global filesystem and application protocol | | 2022-08-16
  • itext7

    iText 7 for Java represents the next level of SDKs for developers that want to take advantage of the benefits PDF can bring. Equipped with a better document engine, high and low-level programming capabilities and the ability to create, edit and enhance PDF documents, iText 7 can be a boon to nearly every workflow.

    Project mention: FOSS pdf editor for PC? | | 2021-12-21

    iText 7

  • dependency-track

    Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

    Project mention: 8 top SBOM tools to consider | | 2022-07-25

    It's missing DependencyTrack which has been adopted by OWASP.

  • BinAbsInspector

    BinAbsInspector: Vulnerability Scanner for Binaries

    Project mention: BinAbsInspector: BinAbsInspector: Vulnerability Scanner for Binaries | | 2022-04-20
  • nzyme

    Nzyme is a free and open next-generation WiFi defense system. Go to for more information.

    Project mention: Nzyme – open-source next-generation WiFi defense system | | 2021-10-04
  • orbot

    The Github home of Orbot: Tor on Android (Also available on gitlab!)

    Project mention: How to use non-foss app? | | 2022-08-08

    Install Orbot to use Tor as proxy, optionally replaced or combined with WireGuard.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2022-08-16.

Java Security related posts


What are some of the best open-source Security projects in Java? This list will help you:

Project Stars
1 Keycloak 13,121
2 Zed 9,741
3 jjwt 8,489
4 Cryptomator 7,745
5 Spring Security 7,017
6 SuperTokens Community 6,762
7 graylog 6,207
8 DependencyCheck 4,310
9 Apache Shiro 3,875
10 hawk 3,870
11 MifareClassicTool 3,069
12 Keywhiz 2,514
13 jasypt-spring-boot 2,213
14 pac4j 2,159
15 find-sec-bugs 1,929
16 jCasbin 1,779
17 Bouncy Castle 1,749
18 Peergos 1,495
19 itext7 1,305
20 dependency-track 1,268
21 BinAbsInspector 1,164
22 nzyme 1,095
23 orbot 1,061
Find remote jobs at our new job board There are 3 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives