Top 23 Java Security Projects
- DependencyCheck: OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
- MifareClassicTool: An Android NFC app for reading, writing, analyzing, etc. MIFARE Classic RFID tags.
- pac4j: Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
- dependency-track: Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
- find-sec-bugs: The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects)
- burpgpt: A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type.
- itext-java: iText for Java represents the next level of SDKs for developers that want to take advantage of the benefits PDF can bring. Equipped with a better document engine, high and low-level programming capabilities and the ability to create, edit and enhance PDF documents, iText can be a boon to nearly every workflow.
In this article we'll be using Keycloak to secure a Vue.js Web application. We're going to leverage oidc-client-ts to integrate OIDC authentication with the Vue app. The oidc-client-ts package is a well-maintained and used library. It provides a lot of utilities for building out a fully production app.
I use ZAP [1] with the OAST add-on for this at the moment. I admit the UX isn't perfect, but it serves my purpose.
If I also want control over the responses (e.g. return a 401 status code for every fifth request), I have a custom extender script [2] for that.
[1]: https://www.zaproxy.org/
I get what you are trying to do, but it feels a bit insecure. Why not use an OSS passwordless project like https://github.com/supertokens/supertokens-core/ or https://github.com/teamhanko/hanko
Project mention: Dropbox: How to opt out of 3rd party AI partner access to your Dropbox | news.ycombinator.com | 2023-12-13
the best way to do this is with https://cryptomator.org
Project mention: graylog VS openobserve - a user suggested alternative | libhunt.com/r/graylog2-server | 2023-09-07
Project mention: OWASP dependency check (<9.0.0) could fail to work after Dec 15th, 2023 | /r/programming | 2023-12-05
The only missing feature in this architecture is the login and logout capability. In this case, Apache Zeppelin provides Shiro for notebook authentication. Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Here, you can find a step-by-step guide about how Shiro works. This example uses the default configuration.
Project mention: The Java security framework to protect web applications and web services | news.ycombinator.com | 2023-06-26
Project mention: Show HN: Pre-alpha tool for analyzing spdx SBOMs generated by GitHub | news.ycombinator.com | 2024-04-21
I've become interested in SBOM recently, and found there were great tools like https://dependencytrack.org/ for CycloneDX SBOMs, but all I have is SPDX SBOMs generated by GitHub.
I decided to have a go at writing my own dependency track esque tool aiming to integrate with the APIs GitHub provides.
It's pretty limited in functionality so far, but can give a high level summary of the types of licenses your repository dependencies use, and let you drill down into potentially problematic ones.
Written in NextJS + mui + sqlite, and using another project of mine to generate most of the API boilerplate/glue (https://github.com/mnahkies/openapi-code-generator)
Project mention: Show HN: filippo.io/mlkem768 – Post-Quantum Cryptography for the Go Ecosystem | news.ycombinator.com | 2024-02-01
Note that there may be incompatibilities until NIST has published the final revisions. Some specifications are on Round 3 kyber, others are on FIPS 203.
This one will interoperate with Bouncy Castle as we both use FIPS 203 draft, but won't interoperate with OQS that is still on the Round 3 submission.
See also: https://github.com/bcgit/bc-java/issues/1578
Project mention: Lost all my content writing contracts. Feeling hopeless as an author. | /r/ChatGPT | 2023-05-06
A good Dropbox alternative is Peergos (founder here). Peergos is an E2EE P2P storage, sharing and application protocol. Fully open source, including the server, self-hostable, no VCs.
https://peergos.org
Project mention: FastPDF Service API (Java) VS itext7 - a user suggested alternative | libhunt.com/r/fastpdf-java | 2023-12-07
Java Security related posts
- Ask HN: Simple Auth for Website
- Securing Vue Apps with Keycloak
- User Management and Identity Brokering for On-Prem Apps with Keycloak
- Navigating Identity Authentication: From LDAP to Modern Protocols
- Ask HN: No-code, simple-setup user management
- What is API Discovery, and How to Use it to Reduce Your Attack Surface
- WhatsApp forces Pegasus spyware maker to share its secret code
Index
What are some of the best open-source Security projects in Java? This list will help you:
Rank | Project | Stars |
---|---|---|
1 | Keycloak | 19,762 |
2 | ZAP | 11,965 |
3 | SuperTokens Community | 11,872 |
4 | Cryptomator | 10,619 |
5 | jjwt | 9,847 |
6 | Spring Security | 8,406 |
7 | graylog | 7,089 |
8 | DependencyCheck | 5,863 |
9 | Apache Shiro | 4,257 |
10 | MifareClassicTool | 4,245 |
11 | hawk | 3,966 |
12 | jasypt-spring-boot | 2,788 |
13 | FairEmail | 2,689 |
14 | pac4j | 2,375 |
15 | jCasbin | 2,318 |
16 | dependency-track | 2,315 |
17 | find-sec-bugs | 2,201 |
18 | Bouncy Castle | 2,154 |
19 | orbot | 1,949 |
20 | burpgpt | 1,875 |
21 | Peergos | 1,859 |
22 | itext-java | 1,841 |
23 | BinAbsInspector | 1,509 |