The first version of Java was released on January 23, 1996. Since then, Java is said to have come to run on over 3 billion devices. Many of these devices are web servers.
Java is one of the top 5 most popular technologies, according to the 2018 Stack Overflow survey.
For this reason, I've compiled a curated list of awesome-java-security resources to help devs code securely with Java.
A curated list of awesome Java security-related resources.
List inspired by the awesome list thing.
Supported by: GuardRails.io
Web Framework Hardening
- Apache Shiro - A powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.
- JJWT - Java JWT: JSON Web Token for Java and Android.
- OWASP ESAPI Java - Enterprise Security API is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications.
- PAC4J - Security engine for Java to authenticate users, get their profiles and manage authorizations in order to secure web applications and web services.
- Spring Security - A powerful and highly customizable authentication and access-control framework.
- Spring Security OAuth - Support for adding OAuth1(a) and OAuth2 features (consumer and provider) for Spring web applications.
Did I miss anything? Let me know in the comments.
And please leave a like (or ⭐ the repo) if you find it useful.