Jar Analyzer - 一个 JAR 包 GUI 分析工具,方法调用关系搜索,方法调用链 DFS 算法分析,模拟 JVM 的污点分析验证 DFS 结果,字符串搜索,Java Web 组件入口分析,CFG 程序分析,JVM 栈帧分析,自定义表达式搜索。官方文档:https://docs.qq.com/doc/DV3pKbG9GS0pJS0tk
🔍 CodeAuditAssistant - IDEA代码审计插件(公测中) ⚡ 精准追踪复杂调用链 | 🚀 毫秒级方法搜索 | 🔥 内置高危漏洞检测 原生集成 | 反编译/路径分析 | 内存优化 | 安全审计利器 🔍 CodeAuditAssistant - JetBrains Code Audit Plugin (Beta) ⚡ Deep Call-Chain Tracking | 🚀 Method/Class Search | 🔥 Prebuilt Vuln Sinks Native Integration | Decompiler/Path Finder | Memory Optimized
"chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability rules, supports decompile, custom rule, and is compatible with the technology stacks of Servlet&filter, Spring,struts,Dubbo,Thrift, jax-rs,jax-ws,JFinal,Netty,MyBatis,and JSP.
Java web and command line applications demonstrating various security topics
Java-Web-Security - Sichere Webanwendungen mit Java entwickeln
使用JNI加密字节码,通过JVMTI解密字节码以保护代码,支持自定义包名和密钥,使用魔法禁止黑客dump字节码
基于 RBAC 模型功能全面的 Shiro 安全集成&简化&扩展组件。Shiro integration & simplifies & Extension component based RBAC
Demonstrate how usage of the Java Security Manager can prevent Remote Code Execution (RCE) exploits.
An ongoing collection of java language tools and frameworks, software, libraries, learning tutorials, frameworks, academic and practical resources.
An ongoing curated list of frameworks, books, articles, talks, screencasts, recordings, libraries, learning tutorials and resources about Java Development.
Fast and powerful cryptographic functions thanks to javax.crypto and CommonCrypto.
Sample web app to demo end-to-end security w/ JavaEE, Spring Security and RBAC fine-grained authorization. All connections use SSL.
Application Intrusion Detection projects
TuxCare SecureChain enhances Java supply chain security through vetted libraries, vulnerability fixes, and extended support. Ideal for enterprise-level compliance and secure development.
一个为广大安全人员整合的知识框架,目前会涉及到Web安全、Java安全研究、红蓝对抗、应急响应、APP、SRC、CTF等。
Tutorial on RBAC role engineering practice using Apache Fortress as the security system inside a sample Apache Wicket Java Web app. Based on this article: http://iamfortress.net/2015/03/05/the-seven-steps-of-role-engineering/
Sample Apache Wicket web app to demo basic java EE security and RBAC with Apache Fortress
SpringJWT is a simple project designed to help users understand JWT implementation with Spring Security, including the use of bearer tokens for secure authentication.
Automated STIG Benchmark Compliance Remediation for Tomcat 9 with Ansible
A PGP end-to-end encrypted generic email client developed for Smart India Hackathon.
Add a description, image, and links to the java-security topic page so that developers can more easily learn about it.
To associate your repository with the java-security topic, visit your repo's landing page and select "manage topics."