awesome-java-security

Java ACME client for issuing X.509 certificates using Let's Encrypt or another ACME based CA.

Java implementation of cryptographic algorithms.

Java Security Provider that implements parts of the Java Cryptography Extension and Java Secure Socket Extension.

Multi-platform transparent client-side encryption of your files in the cloud.

Easy-to-use crypto toolkit by Google.

System for distributing and managing secrets.

A powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.

Java JWT: JSON Web Token for Java and Android.

Enterprise Security API is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.

Security engine for Java to authenticate users, get their profiles and manage authorizations in order to secure web applications and web services.

A powerful and highly customizable authentication and access-control framework.

Support for adding OAuth1(a) and OAuth2 features (consumer and provider) for Spring web applications.

(PDF) The standard is a list of application security requirements that can be used by developers.

This guide covers major Java Standard Edition security components: Java Cryptography Architecture (JCA), Java Authentication and Authorization Service (JAAS) and Java Secure Socket Extensions (JSSE)

A collection of security details for different users of the Java Platform.

This article explains how XSS attacks work and suggests a methodology to block XSS attacks.

Secure Coding Guidelines for Java SE

This guide walks you through the process of creating a simple web application with resources that are protected by Spring Security.

A static code security analyzer to discover, filter and prioritize security and privacy risks.

An enterprise friendly way of detecting and preventing secrets in code.

SpotBugs plugin for security audits of Java web applications and Android applications.

Gitrob is a tool to help find potentially sensitive files pushed to public repositories on Github.

A static analyzer for Android apps (APK files), searches for security vulnerabilities. Contains 90+ vulnerability categories.

SonarQube provides the capability to show the health of an application and highlight newly introduced issues.

A vulnerable web application aimed at people who are new to pen testing.

A Java test suite designed to verify the speed and accuracy of vulnerability detection tools.

Web and mobile application security training platform.

A deliberately insecure Java Web Application.

Code Pulse is a real-time code coverage tool for penetration testing activities.

Helps automatically find security vulnerabilities in your web applications.

Vulnerabilities that were assigned a CVE. Covers the language and packages.

Free tool to locate CVEs and outdated dependencies in libraries.

Java known vulnerabilities in the National Vulnerability Database.

Detects publicly disclosed vulnerabilities in application dependencies.

CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies.

Commercial but free listing of known vulnerabilities in libraries.