Top 23 Java Security Projects

• Keycloak

  229 19,762 10.0 Java

  Open Source Identity and Access Management For Modern Applications and Services

  

Project mention: Securing Vue Apps with Keycloak | dev.to | 2024-04-03

In this article we'll be using Keycloak to secure a Vue.js Web application. We're going to leverage oidc-client-ts to integrate OIDC authentication with the Vue app. The oidc-client-ts package is a well-maintained and used library. It provides a lot of utilities for building out a fully production app.

• ZAP

  61 11,965 9.2 Java

  The ZAP core project

  

Project mention: Bruno | news.ycombinator.com | 2024-03-09

I use ZAP [1] with the OAST add-on for this at the moment. I admit the UX isn't perfect, but it serves my purpose.

If I also want control over the responses (e.g. return a 401 status code for every fifth request), I have a custom extender script [2] for that.

[1]: https://www.zaproxy.org/

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• SuperTokens Community

  114 11,872 9.4 Java

  Open source alternative to Auth0 / Firebase Auth / AWS Cognito

  

Project mention: Ask HN: Simple Auth for Website | news.ycombinator.com | 2024-04-23

I get what you are trying to do, but it feels a bit insecure. Why not use an OSS passwordless project like https://github.com/supertokens/supertokens-core/ or https://github.com/teamhanko/hanko

• Cryptomator

  491 10,619 9.7 Java

  Multi-platform transparent client-side encryption of your files in the cloud

  

Project mention: Dropbox: How to opt out of 3rd party AI partner access to your Dropbox | news.ycombinator.com | 2023-12-13

the best way to do this is with https://cryptomator.org

• jjwt

  4 9,847 8.3 Java

  Java JWT: JSON Web Token for Java and Android

  

Project mention: Java JWT: JSON Web Token for Java and Android | news.ycombinator.com | 2023-10-04

• Spring Security

  10 8,406 9.9 Java

  Spring Security

  

• graylog

  46 7,089 10.0 Java

  Free and open log management

  

Project mention: graylog VS openobserve - a user suggested alternative | libhunt.com/r/graylog2-server | 2023-09-07

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• DependencyCheck

  11 5,863 9.4 Java

  OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

Project mention: OWASP dependency check (<9.0.0) could fail to work after Dec 15th, 2023 | /r/programming | 2023-12-05

• Apache Shiro

  4 4,257 9.5 Java

  Apache Shiro

  

Project mention: Serverless Apache Zeppelin on AWS | dev.to | 2024-02-04

The only missing feature in this architecture is the login and logout capability. In this case, Apache Zeppelin provides Shiro for notebook authentication. Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Here, you can find a step-by-step guide about how Shiro works. This example uses the default configuration.

• MifareClassicTool

  10 4,245 8.6 Java

  An Android NFC app for reading, writing, analyzing, etc. MIFARE Classic RFID tags.

• hawk

  0 3,966 0.0 Java

  ✔️ Secure, simple key-value storage for Android

• jasypt-spring-boot

  1 2,788 0.0 Java

  Jasypt integration for Spring boot

• FairEmail

  218 2,689 10.0 Java

  Fully featured, open source, privacy friendly email app for Android

Project mention: Email Apps | /r/androidapps | 2023-12-10

• pac4j

  1 2,375 9.5 Java

  Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

  

Project mention: The Java security framework to protect web applications and web services | news.ycombinator.com | 2023-06-26

• jCasbin

  2 2,318 7.5 Java

  An authorization library that supports access control models like ACL, RBAC, ABAC in Java

  

• dependency-track

  18 2,315 9.8 Java

  Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

  

Project mention: Show HN: Pre-alpha tool for analyzing spdx SBOMs generated by GitHub | news.ycombinator.com | 2024-04-21

I've become interested in SBOM recently, and found there were great tools like https://dependencytrack.org/ for CycloneDX SBOMs, but all I have is SPDX SBOMs generated by GitHub.

I decided to have a go at writing my own dependency track esque tool aiming to integrate with the APIs GitHub provides.

It's pretty limited in functionality so far, but can give a high level summary of the types of licenses your repository dependencies use, and let you drill down into potentially problematic ones.

Written in NextJS + mui + sqlite, and using another project of mine to generate most of the API boilerplate/glue (https://github.com/mnahkies/openapi-code-generator)

• find-sec-bugs

  8 2,201 6.1 Java

  The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

  

• Bouncy Castle

  9 2,154 9.5 Java

  Bouncy Castle Java Distribution (Mirror)

  

Project mention: Show HN: filippo.io/mlkem768 – Post-Quantum Cryptography for the Go Ecosystem | news.ycombinator.com | 2024-02-01

Note that there may be incompatibilities until NIST has published the final revisions. Some specifications are on Round 3 kyber, others are on FIPS 203.

This one will interoperate with Bouncy Castle as we both use FIPS 203 draft, but won't interoperate with OQS that is still on the Round 3 submission.

See also: https://github.com/bcgit/bc-java/issues/1578

• orbot

  24 1,949 9.6 Java

  The Github home of Orbot: Tor on Android (Also available on gitlab!)

  

Project mention: Daily Reminder: You Need Orbot on Your Smartphone | /r/privacy | 2023-10-24

• burpgpt

  1 1,875 6.9 Java

  A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type.

Project mention: Lost all my content writing contracts. Feeling hopeless as an author. | /r/ChatGPT | 2023-05-06

• Peergos

  33 1,859 9.3 Java

  A p2p, secure file storage, social network and application protocol

  

Project mention: Tim Bray's De-Google Project | news.ycombinator.com | 2024-03-11

A good Dropbox alternative is Peergos (founder here). Peergos is an E2EE P2P storage, sharing and application protocol. Fully open source, including the server, self-hostable, no VCs.

https://peergos.org

• itext-java

  2 1,841 9.5 Java

  iText for Java represents the next level of SDKs for developers that want to take advantage of the benefits PDF can bring. Equipped with a better document engine, high and low-level programming capabilities and the ability to create, edit and enhance PDF documents, iText can be a boon to nearly every workflow.

  

Project mention: FastPDF Service API (Java) VS itext7 - a user suggested alternative | libhunt.com/r/fastpdf-java | 2023-12-07

• BinAbsInspector

  4 1,509 4.4 Java

  BinAbsInspector: Vulnerability Scanner for Binaries

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Java Security related posts

• Ask HN: Simple Auth for Website
  2 projects | news.ycombinator.com | 23 Apr 2024
• Securing Vue Apps with Keycloak
  3 projects | dev.to | 3 Apr 2024
• User Management and Identity Brokering for On-Prem Apps with Keycloak
  1 project | dev.to | 3 Apr 2024
• Navigating Identity Authentication: From LDAP to Modern Protocols
  2 projects | dev.to | 28 Mar 2024
• Ask HN: No-code, simple-setup user management
  1 project | news.ycombinator.com | 11 Mar 2024
• What is API Discovery, and How to Use it to Reduce Your Attack Surface
  3 projects | dev.to | 7 Mar 2024
• WhatsApp forces Pegasus spyware maker to share its secret code
  2 projects | news.ycombinator.com | 2 Mar 2024
• A note from our sponsor - InfluxDB
  www.influxdata.com | 24 Apr 2024

  Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending Java projects with our weekly report!