Top 23 Java Security Projects
-
FastAPI's tutorial on how to implement a basic OAuth server helped me a lot in understanding the basic concepts.
https://fastapi.tiangolo.com/tutorial/security/
After getting familiar, I self hosted Keycloak and integrated it with my FastAPI server.
-
Tink
Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
Project mention: “Please do not make it public” (Tencent’s Sogou Input Method) | news.ycombinator.com | 2023-08-09
> I wonder what people say when they find a bug despite you using standard crypto?
Not using TLS doesn't automatically mean you need to "roll your own crypto". They could have used a well documented library such as Google Tink[1] instead of doing their own crypto.
-
Project mention: Show HN: Pākiki Proxy – An intercepting proxy for penetration testing | news.ycombinator.com | 2023-10-27
Briefly reviewed your product. Seems like OWASP ZAP is your competition: https://www.zaproxy.org/
It runs entirely in the browser so it uses the browser "native" frameworks.
-
Project mention: What is the best way to implement authentication that provides Google Auth, Facebook Auth, etc. | /r/node | 2023-10-18
-
Project mention: VeraCrypt: Free, open source, disk encryption for Windows, Mac OS X, Linux | news.ycombinator.com | 2023-10-01
I've used countless encryption "schemes" over the years, from True/Vera-Crypt to encrypted sparse bundles/images, and none have ever really felt right.
These days I tend to use Cryptomator[0] instead. It accomplishes what none of the others could do, which is transparent encryption across devices.
With Cryptomator, I simply create a vault somewhere in the cloud, stuff data in it, and I can access it from my laptop, phone or tablet, and not think much about it. It integrates into the normal file browsing APIs, and doesn't get in the way.
Because it does "per file" encryption, it also doesn't need to download a 20-100MB chunk from the cloud before decrypting, so it's rather fast (depending on file size of course).
-
Spring Security has long had great OAuth2.0 support from both the server and client elements. Recently Spring Security added support for the private_key_jwt client authentication method as part of the authorization code grant flow. Spring Security GitHub ref
-
Project mention: graylog VS openobserve - a user suggested alternative | libhunt.com/r/graylog2-server | 2023-09-07
-
DependencyCheck
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
Use Security Tools: To identify known vulnerabilities in your project's dependencies, you can utilize commands like npm audit or employ third-party security scanners such as DependencyCheck or Dependabot. These tools thoroughly analyze the dependency tree and offer actionable insights to assist you in resolving any identified vulnerabilities.
-
MifareClassicTool
An Android NFC app for reading, writing, analyzing, etc. MIFARE Classic RFID tags.
Project mention: MifareClassicTool - An Android NFC app for reading, writing, analyzing, etc. MIFARE Classic RFID tags. | /r/hacking | 2023-02-19
-
pac4j
Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Project mention: The Java security framework to protect web applications and web services | news.ycombinator.com | 2023-06-26
-
Project mention: FairEmail development may cease due to Google 'security' requirements | news.ycombinator.com | 2023-11-16
-
find-sec-bugs
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects)
-
Project mention: Java implementation of a quantum computing resistant cryptographic algorithm | news.ycombinator.com | 2023-10-23
The readme mentions a dependency on Bouncy Castle - note that BC already contains several Java-based PQC signature schemes, see https://doc.primekey.com/bouncycastle/interoperability#Inter... and https://github.com/bcgit/bc-java
-
dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
-
Project mention: Amino – The Public IPFS DHT Is Getting a Facelift | news.ycombinator.com | 2023-10-03
You can do that with peergos [1]- mount a peergos folder locally using FUSE. Or login to the web interface and share easily and privately.
-
itext7
iText for Java represents the next level of SDKs for developers that want to take advantage of the benefits PDF can bring. Equipped with a better document engine, high and low-level programming capabilities and the ability to create, edit and enhance PDF documents, iText can be a boon to nearly every workflow.
-
burpgpt
A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type.
Project mention: Lost all my content writing contracts. Feeling hopeless as an author. | /r/ChatGPT | 2023-05-06
Java Security related posts
- Korean Smartphones Have Mandatory Shutter Sounds, 8 in 10 Want It Muted
- Ask HN: Any Comprehensive Courses on Auth?
- FairEmail development may cease due to Google 'security' requirements
- Auditor app version 77 released
- Show HN: Pākiki Proxy – An intercepting proxy for penetration testing
- Dependency-Track
- SSLContext Kickstart 8.2.0 Released - Library to easily configure ssl
Index
What are some of the best open-source Security projects in Java? This list will help you:
# | Project | Stars |
---|---|---|
1 | Keycloak | 18,140 |
2 | Tink | 13,369 |
3 | ZAP | 11,479 |
4 | SuperTokens Community | 10,745 |
5 | Cryptomator | 10,105 |
6 | jjwt | 9,482 |
7 | Spring Security | 8,091 |
8 | graylog | 6,856 |
9 | DependencyCheck | 5,481 |
10 | Apache Shiro | 4,200 |
11 | hawk | 3,950 |
12 | MifareClassicTool | 3,948 |
13 | jasypt-spring-boot | 2,663 |
14 | pac4j | 2,338 |
15 | FairEmail | 2,328 |
16 | jCasbin | 2,268 |
17 | find-sec-bugs | 2,140 |
18 | Bouncy Castle | 2,068 |
19 | dependency-track | 2,016 |
20 | Peergos | 1,755 |
21 | orbot | 1,719 |
22 | itext7 | 1,688 |
23 | burpgpt | 1,685 |